
Iliketurtles

#21064 of 53,632
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1

PT-2014-8483
7.5
2014-11-06
Cookieviz · Cookieviz · CVE-2014-8351
**Name of the Vulnerable Software and Affected Versions**
CookieViz versions prior to 1.0.1

**Description**
A SQL injection issue allows remote web servers to execute arbitrary SQL commands via the `domain` parameter in the info.php file.

**Recommendations**
For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the info.php file or validating and sanitizing the `domain` parameter to prevent SQL injection attacks.

PT-2014-8484
4.3
2014-11-06
Cookieviz · Cookieviz · CVE-2014-8352
**Name of the Vulnerable Software and Affected Versions**
CookieViz (affected versions not specified)

**Description**
A cross-site scripting (XSS) issue exists, allowing remote web servers to inject arbitrary web script or HTML via the `max date` parameter in the json.php file.

**Recommendations**
As a temporary workaround, consider restricting access to the json.php file until a patch is available. Avoid using the `max date` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.