Jose Carlos Norte

**Name of the Vulnerable Software and Affected Versions** MG2 (formerly Minigal) (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `list` parameter in an import action in the admin.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists in WordPress, specifically in the sidebar.php file when custom 404 pages are used that call get sidebar. This allows remote attackers to inject arbitrary web script or HTML via the query string (PHP SELF). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eyeOS versions prior to 0.9.1 **Description** The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This is possible via unspecified vectors involving eyeNav and system/baixar.php. **Recommendations** For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to eyeNav and system/baixar.php to minimize the risk of exploitation.