Daniel Ricardo Dos Santos

Researcher at SEC+ Information Security Company
#26989 of 53,639
9.3 CVSS total
Vulnerabilities · 2
Medium · 2
PT-2014-2602
4.3
2014-06-05
Network Weathermap · Network Weathermap · CVE-2013-2618
**Name of the Vulnerable Software and Affected Versions** Network Weathermap versions prior to 0.97b

**Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `map title` parameter in the editor.php file.

**Recommendations** For versions prior to 0.97b, update to version 0.97b or later to resolve the issue. As a temporary workaround, consider restricting access to the editor.php file or sanitizing input for the `map title` parameter to minimize the risk of exploitation.
PT-2014-2603
5.0
2014-03-18
Aspen · Aspen · CVE-2013-2619
**Name of the Vulnerable Software and Affected Versions** Aspen versions prior to 0.22

**Description** The issue allows remote attackers to read arbitrary files by utilizing a .. (dot dot) in the default URI, which enables directory traversal.

**Recommendations** For versions prior to 0.22, update to version 0.22 or later to resolve the issue.