Cyrille Barthelemy

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 1.6.x through 1.7.3 **Description** The issue allows remote attackers to obtain sensitive information via unknown vectors. **Recommendations** For Joomla! versions 1.6.x through 1.7.3, update to version 1.7.4 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: phpCMS versions 1.2.1 and earlier Description: A cross-site scripting (XSS) issue exists in the parser.php file of phpCMS, allowing remote attackers to inject arbitrary web script or HTML via the `file` parameter when non-stealth and debug modes are enabled. Recommendations: For phpCMS versions 1.2.1 and earlier, consider disabling non-stealth and debug modes to minimize the risk of exploitation until a patch is available. Restrict access to the parser.php file to prevent remote attackers from injecting malicious scripts.

Name of the Vulnerable Software and Affected Versions: phpCMS versions 1.2.1 and earlier Description: The issue allows remote attackers to gain sensitive information via an invalid `file` parameter, which reveals the web server's installation path. This occurs when non-stealth and debug modes are enabled. Recommendations: For phpCMS versions 1.2.1 and earlier, consider disabling non-stealth and debug modes to minimize the risk of exploitation. Additionally, restrict access to the `parser.php` file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.