Adrian Castro

**Name of the Vulnerable Software and Affected Versions** VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS version 1.0.11 and possibly earlier **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `Itemid` parameter in specific actions, including (1) com contact or (2) subscribe action. **Recommendations** For VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS version 1.0.11 and possibly earlier, consider restricting access to the `Itemid` parameter in the affected actions until a patch is available. As a temporary workaround, avoid using the `Itemid` parameter in the com contact and subscribe actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WiredRed e/pop Web Conferencing version 4.1.0.755 **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML. This is achieved by manipulating the topic name of a conference. **Recommendations** For version 4.1.0.755, consider restricting the ability to create or modify conference topic names to prevent arbitrary web script or HTML injection until a patch is available.