Waganigong

**Name of the Vulnerable Software and Affected Versions** Gallarific (affected versions not specified) **Description** The issue allows remote attackers to add and edit tasks without requiring authentication. This is possible due to a lack of authentication for specific API endpoints, including "users.php" and "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Struts version 1.2.7 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the query string. This occurs because the query string is not properly quoted or filtered when the request handler generates an error message. **Recommendations** For Apache Struts version 1.2.7, update to a version that properly quotes or filters the query string to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.