Cesar

Name of the Vulnerable Software and Affected Versions: Drupal Core versions 7.0 through 7.101 Description: The issue affects Drupal Core, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. This enables an attacker to conduct a cross-site scripting attack. Recommendations: For versions 7.0 through 7.101, update to version 7.102 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yahoo! Audio Conferencing (aka Voice Chat) versions prior to 1.0.0.45 **Description** The issue is related to a buffer overflow in the ActiveX control, which can be triggered by a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat. This can cause a denial of service and potentially allow remote attackers to execute arbitrary code. **Recommendations** For versions prior to 1.0.0.45, update to version 1.0.0.45 or later to resolve the issue. As a temporary workaround, consider restricting access to the ActiveX control until a patch is applied.