OpenX · OpenX · CVE-2013-5954
**Name of the Vulnerable Software and Affected Versions**
OpenX versions 2.8.11 and earlier
**Description**
Multiple cross-site request forgery (CSRF) vulnerabilities allow remote attackers to hijack the authentication of administrators for requests that delete various components, including users, advertisers, banners, campaigns, channels, affiliate websites, or zones. The forged requests are sent from the administrator's authenticated browser session to administrative scripts such as "admin/agency-user-unlink.php", "admin/advertiser-delete.php", "admin/banner-delete.php", "admin/campaign-delete.php", "admin/channel-delete.php", "admin/affiliate-delete.php", or "admin/zone-delete.php".
**Recommendations**
Installations running OpenX 2.8.11 or earlier should update to a version that includes a fix for this issue to prevent CSRF attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
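
While no fixed version is known, web server logs can be reviewed for requests to the listed delete scripts that did not originate from the admin interface itself. The following is an added example, not OpenX code or part of the original advisory; it assumes the Apache "combined" log format, and the hostnames, paths and query strings in the sample lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Delete scripts named in the advisory for CVE-2013-5954.
CSRF_TARGETS = {
    "agency-user-unlink.php", "advertiser-delete.php", "banner-delete.php",
    "campaign-delete.php", "channel-delete.php", "affiliate-delete.php",
    "zone-delete.php",
}

# Assumption: access log uses the Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def suspicious_deletes(lines, trusted_hosts):
    """Return (timestamp, ip, script, referer) for requests to the listed
    scripts whose Referer is missing or names a host outside trusted_hosts."""
    trusted = {h.lower() for h in trusted_hosts}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = urlsplit(m["url"]).path
        script = path.rsplit("/", 1)[-1]
        if script not in CSRF_TARGETS or not path.endswith("/admin/" + script):
            continue
        ref = m["referer"]
        ref_host = "" if ref in ("", "-") else (urlsplit(ref).hostname or "")
        # A missing Referer can be benign (privacy settings), so treat
        # hits as leads to correlate with unexpected deletions, not proof.
        if ref_host.lower() not in trusted:
            hits.append((m["ts"], m["ip"], script, ref or "-"))
    return hits

# Constructed sample lines; "x=N" stands in for the real query string.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Oct/2013:10:01:02 +0000] "GET /ads/admin/banner-delete.php?x=1 HTTP/1.1" 302 - "https://ads.example.test/ads/admin/" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Oct/2013:10:05:40 +0000] "GET /ads/admin/zone-delete.php?x=2 HTTP/1.1" 302 - "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Oct/2013:10:05:41 +0000] "GET /ads/admin/advertiser-delete.php?x=3 HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Oct/2013:10:06:00 +0000] "GET /ads/admin/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_deletes(SAMPLE_LOG, {"ads.example.test"}):
        print(hit)
```

Pass the hostname(s) under which the admin interface is actually served as `trusted_hosts`.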