Emgent

#30481 of 53,622
8.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2010-5160
4.3
2010-12-17
Git · Gitweb · CVE-2010-3906
**Name of the Vulnerable Software and Affected Versions**
Gitweb versions 1.7.3.3 and earlier

**Description**
The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the `f` and `fp` parameters.

**Recommendations**
For Gitweb versions 1.7.3.3 and earlier, avoid using the `f` and `fp` parameters in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the parameters `f` and `fp` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2010-5490
4.3
2010-12-08
phpMyAdmin · phpMyAdmin · CVE-2010-4480
**Name of the Vulnerable Software and Affected Versions**
phpMyAdmin versions prior to 3.4.0-beta1

**Description**
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters. This can be demonstrated using a tag such as "[a@url@page]" in the error.php file.

**Recommendations**
For versions prior to 3.4.0-beta1, update to version 3.4.0-beta1 or later to resolve the issue.