Ls Calima

Name of the Vulnerable Software and Affected Versions: Particle Blogger versions 1.2.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via the `month` parameter and other unspecified vectors in the archives.php file. Recommendations: For Particle Blogger versions 1.2.1 and earlier, consider restricting access to the archives.php file until a patch is available. Avoid using the `month` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Light Blog versions prior to 20070606 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `id` parameter in the "add comment.php" file. Recommendations: For versions prior to 20070606, update to a version released after 20070606 to resolve the issue. As a temporary workaround, consider restricting access to the "add comment.php" file or validating and sanitizing the `id` parameter to prevent malicious input.