Cfreer

#19011 of 53,622
14.1 Total CVSS
Vulnerabilities · 2 (Medium: 1, Critical: 1)

PT-2017-6710 · CVSS 9.8 · 2017-11-08
Genixcms · Genixcms · CVE-2015-3933

**Name of the Vulnerable Software and Affected Versions**
GeniXCMS versions prior to 0.0.3-patch

**Description**
The issue concerns SQL injection vulnerabilities in the `inc/lib/User.class.php` file. Remote attackers can execute arbitrary SQL commands via the `email` parameter or the `userid` parameter to the "register.php" endpoint.

**Recommendations**
For versions prior to 0.0.3-patch, update to version 0.0.3-patch or later to resolve the issue. As a temporary workaround, consider restricting access to the "register.php" endpoint to minimize the risk of exploitation. Avoid using the `email` and `userid` parameters in the affected endpoint until the issue is resolved.

PT-2015-7415 · CVSS 4.3 · 2015-09-18
Open Source Matters · Joomla! · CVE-2015-6939

**Name of the Vulnerable Software and Affected Versions**
Joomla! versions 3.4.x through 3.4.3

**Description**
A cross-site scripting (XSS) issue exists in the login module, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors.

**Recommendations**
For versions 3.4.x through 3.4.3, update to version 3.4.4 or later to resolve the issue.