Daniel Bishtawi

**Name of the Vulnerable Software and Affected Versions** HTMLy version 2.7.4 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected parameters include the `destination` parameter in the delete and edit features, and the `content` parameter in the profile feature. **Recommendations** For HTMLy version 2.7.4, as a temporary workaround, consider restricting access to the delete and edit features, and avoid using the `content` parameter in the profile feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.2.12 Description: The issue is related to reflected cross-site scripting (XSS) that can be triggered via the `sort` parameter. An example of exploitation is demonstrated by a substring in the URL '/apparel--accessories?sort='. Recommendations: For AbanteCart version 1.2.12, consider restricting access to the `sort` parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the `sort` parameter in URLs to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Zenphoto version 1.4.14 Description: The issue is related to multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities can be exploited via different URL parameters. Recommendations: For Zenphoto version 1.4.14, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microweber version 1.0.8 **Description** The issue is related to reflected cross-site scripting (XSS), which can potentially allow attackers to inject malicious scripts into websites. **Recommendations** For Microweber version 1.0.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kanboard versions prior to 1.2.8 **Description** The issue is related to a problem in the pagination sorting functionality. It allows for XSS, which can be exploited. **Recommendations** For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Plikli CMS version 4.0.0 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters in various PHP files. The affected parameters include the `keyword` parameter to "groups.php", the `username` parameter to "login.php", and the `date` parameter to "search.php". **Recommendations** For Plikli CMS version 4.0.0, consider disabling access to the affected PHP files, specifically "groups.php", "login.php", and "search.php", until a patch is available. Restrict input for the `keyword`, `username`, and `date` parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Plikli CMS version 4.0.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter to "join group.php" or the `comment id` parameter to "story.php". **Recommendations** For Plikli CMS version 4.0.0, avoid using the `id` parameter in "join group.php" and the `comment id` parameter in "story.php" until a fix is available. Consider restricting access to these parameters to minimize the risk of exploitation.