Silent Needle

Name of the Vulnerable Software and Affected Versions: phpBB (affected versions not specified) Description: The issue is related to a cross-site scripting (XSS) vulnerability. It affects the viewtopic.php file, allowing remote attackers to insert arbitrary web script via the `topic id` parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bandmin version 1.4 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to insert arbitrary HTML or script via specific parameters in certain actions. The vulnerable parameters include the `year` parameter in a "showmonth" action, the `month` parameter in a "showmonth" action, and the `host` parameter in a "showhost" action. Recommendations: For Bandmin version 1.4, as a temporary workaround, consider restricting access to the index.cgi file until a patch is available. Avoid using the `year`, `month`, and `host` parameters in the affected actions until the issue is resolved.