J4Cky1028

#20889 of 53,634
12 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2026-26643 · CVSS 6.1 · 2026-03-20
Dootask · Dootask · CVE-2026-29828

**Name of the Vulnerable Software and Affected Versions**

DooTask version 1.6.27

**Description**

The software contains a Cross-Site Scripting (XSS) issue. The issue is located in the `/manage/project/<id>` page, specifically through the `projectDesc` input field. Input provided to this field can lead to the execution of malicious scripts.

**Recommendations**

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `projectDesc` input field to prevent the injection of malicious scripts.

PT-2025-26163 · CVSS 5.9 · 2025-06-18
Minitcg · Minitcg · CVE-2025-45661

**Name of the Vulnerable Software and Affected Versions**

miniTCG version 1.3.1 beta

**Description**

A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `id` parameter at the "/members/edit.php" API endpoint.

**Recommendations**

For miniTCG version 1.3.1 beta, avoid using the `id` parameter in the "/members/edit.php" API endpoint until the issue is resolved. As a temporary workaround, consider validating and sanitizing user input for the `id` parameter to prevent malicious payload injection.