Galiarept

**Name of the Vulnerable Software and Affected Versions** Lilikoi Software Ceilidh versions 2.70 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the query string. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions 2.70 and earlier, update to a version later than 2.70 to resolve the issue. As a temporary workaround, consider restricting access to the query string parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MyABraCaDaWeb versions 1.0.2 and earlier **Description** The issue allows remote attackers to obtain sensitive information via an invalid `IDAdmin` or other parameter. This is achieved by revealing the installation path in an error message. **Recommendations** For MyABraCaDaWeb versions 1.0.2 and earlier, as a temporary workaround, consider restricting access to sensitive parameters such as `IDAdmin` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XOOPS versions 2.0 and earlier **Description** The issue allows remote attackers to obtain sensitive information via an invalid `xoopsOption` parameter. This is achieved by revealing the installation path in an error message. **Recommendations** For XOOPS versions 2.0 and earlier, consider restricting access to the vulnerable parameter `xoopsOption` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.