Igor Landyrev

**Name of the Vulnerable Software and Affected Versions** ZEROF Web Server version 2.0 **Description** The issue allows for SQL Injection via the /HandleEvent endpoint. **Recommendations** For ZEROF Web Server version 2.0, consider restricting access to the /HandleEvent endpoint until a patch is available. Avoid using user-supplied input in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZEROF Web Server version 2.0 **Description** The issue allows for XSS in the /admin.back endpoint. **Recommendations** For ZEROF Web Server version 2.0, consider restricting access to the /admin.back endpoint until a fix is available.