Teeanno

**Name of the Vulnerable Software and Affected Versions** Trape through 2019-05-08 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `country`, `query`, or `refer` parameter to the "/register" URI, due to the use of the jQuery `prepend()` method. **Recommendations** For versions through 2019-05-08, as a temporary workaround, consider restricting access to the `/register` URI or disabling the use of the `prepend()` method in static/js/trape.js until a fix is available. Avoid using the `country`, `query`, or `refer` parameters in the affected URI until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Trape through 2019-05-08 **Description** The issue is related to SQL injection via the `data[2]` variable in core/db.py. This can be demonstrated by the "/bs t" parameter, which is an API endpoint. **Recommendations** For versions through 2019-05-08, consider restricting access to the vulnerable `data[2]` variable in core/db.py to minimize the risk of exploitation. As a temporary workaround, avoid using the "/bs t" API endpoint until the issue is resolved.