Daiki Fukumori

**Name of the Vulnerable Software and Affected Versions** Phormer versions prior to 3.35 **Description** The issue allows a remote unauthenticated attacker to execute an arbitrary script on the user's web browser. This is a cross-site scripting vulnerability. **Recommendations** For versions prior to 3.35, update to version 3.35 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sharp EVA Animeter (affected versions not specified) **Description** A buffer overflow issue exists in the ActiveX control of Sharp EVA Animeter, allowing remote attackers to execute arbitrary code through a crafted web page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dojo Toolkit versions prior to 1.2.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser. **Recommendations** Upgrade to version 1.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** AjaXplorer version 2.0 **Description** A directory traversal issue allows remote attackers to read arbitrary files. **Recommendations** For version 2.0, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FreeBit ELPhoneBtnV6 ActiveX control (affected versions not specified) **Description** The issue is related to a buffer overflow in the ExecCall method in c2lv6.ocx, which is part of the FreeBit ELPhoneBtnV6 ActiveX control. This allows remote attackers to execute arbitrary code via a crafted HTML document. The problem is connected to the discontinued "Click to Live" service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 0.8.8d **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.8.8d, update to version 0.8.8d or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 0.8.6f **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `local graph id` parameter in the "graph.php" file. **Recommendations** For versions prior to 0.8.6f, update to version 0.8.6f or later to resolve the issue. As a temporary workaround, consider restricting access to the "graph.php" file to minimize the risk of exploitation. Avoid using the `local graph id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LinPHA (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sybase EAServer versions prior to 6.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors. **Recommendations** For versions prior to 6.1, update to version 6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FeedDemon versions prior to 4.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a feed when the feed preview option is enabled. **Recommendations** For FeedDemon versions prior to 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider disabling the feed preview option until a patch is available.

**Name of the Vulnerable Software and Affected Versions** RSSOwl versions prior to 2.1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a feed. **Recommendations** For versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Segue versions 2.2.10.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors. This can potentially lead to unauthorized access or manipulation of database content. **Recommendations** For Segue versions 2.2.10.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Segue versions 2.2.10.2 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which is a cross-site scripting (XSS) vulnerability. **Recommendations** For Segue versions 2.2.10.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glucose versions prior to 6.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via an RSS feed, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 6.2, update to version 6.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Etomite versions prior to 1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** phpWebSite versions prior to 1.0.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors. **Recommendations** For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Plume versions prior to 1.2.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Iwate Portal Bar (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists in the RSS/Atom feed-reader implementation, allowing remote attackers to inject arbitrary web script or HTML via a crafted feed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple WebObjects versions 5.2 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For Apple WebObjects versions 5.2 and earlier, update to a version later than 5.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pligg versions prior to 1.2.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.