
Mr T

#21155 of 53,633
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1

PT-2014-8783 · CVSS 4.3 · 2014-11-20
Vldpersonals · Vldpersonals · CVE-2014-9004

**Name of the Vulnerable Software and Affected Versions**
vldPersonals versions prior to 2.7.1

**Description**
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `id` parameter in a "member profile" action to "index.php".

**Recommendations**
For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue.

PT-2014-8784 · CVSS 7.5 · 2014-11-20
Vldpersonals · Vldpersonals · CVE-2014-9005

**Name of the Vulnerable Software and Affected Versions**
vldPersonals versions prior to 2.7.1

**Description**
The issue allows remote attackers to execute arbitrary SQL commands via the `country`, `gender1`, or `gender2` parameter in a search action to "index.php".

**Recommendations**
For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the search action in index.php to minimize the risk of exploitation. Avoid using the `country`, `gender1`, or `gender2` parameters in the affected search action until the issue is resolved.