
Preben Nylokken

Rank: #26950 of 53,640
Total CVSS: 9.3
Vulnerabilities: 2
Medium: 2

PT-2006-1596 · CVSS 4.3 · 2006-02-04
Softmaker · Softmaker Shop · CVE-2006-0532

**Name of the Vulnerable Software and Affected Versions**
SoftMaker Shop (affected versions not specified)

**Description**
The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via a `strSok` parameter containing a `javascript:` URI in an IMG SRC attribute, such as in the `/resultat.asp` page.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2005-4228 · CVSS 5.0 · 2005-11-02
Mg2 · Minigal 2 · CVE-2005-3432

**Name of the Vulnerable Software and Affected Versions**
MiniGal 2 (MG2) version 0.5.1

**Description**
The issue allows remote attackers to list password-protected images by sending a request to `index.php` with the `list` parameter set to `*` (wildcard) and the `page` parameter set to `all`.

**Recommendations**
For MiniGal 2 (MG2) version 0.5.1, consider restricting access to the `index.php` endpoint with the `list` and `page` parameters until a patch is available. Avoid using the `list` parameter with a wildcard (`*`) and the `page` parameter set to `all` in the `index.php` endpoint to minimize the risk of exploitation.