Teufel

**Name of the Vulnerable Software and Affected Versions** phpRaid version 2.9.5 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the URL query string and the `Sort` parameter in the view.php file. **Recommendations** For phpRaid version 2.9.5, update to a version that fixes this issue, as using the URL query string and the `Sort` parameter can lead to arbitrary web script or HTML injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AspBB version 0.5.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the `action` parameter to "default.asp" and the `get` parameter to "profile.asp" are vulnerable. **Recommendations** For AspBB version 0.5.2, consider restricting access to the vulnerable parameters `action` in "default.asp" and `get` in "profile.asp" to minimize the risk of exploitation. Avoid using these parameters until the issue is resolved.