Yannick Von Arx

**Name of the Vulnerable Software and Affected Versions** Two Shoes M-Factory (TSMF) SimpleBoard version 1.1.0 Stable **Description** The issue allows remote attackers to inject arbitrary web script or HTML via several fields, including the `Name` field in "post new topic" in the Frontend, the `Title` field in Simpleboard Configuration in the Backend Admin Panel, and the `Name` fields in Simpleboard Administration in the Backend Admin Panel. **Recommendations** For version 1.1.0 Stable, consider restricting access to the affected fields, such as the `Name` field in the Frontend and Backend Admin Panel, to minimize the risk of exploitation. Avoid using the `Title` and `Name` fields in the Simpleboard Configuration and Administration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X Safari versions 1.3.1 through 2.0.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and crash, by using a TD element with a large number in the `rowspan` attribute. **Recommendations** For Apple Mac OS X Safari versions 1.3.1 through 2.0.3, consider avoiding the use of TD elements with large numbers in the `rowspan` attribute until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.