Josh Gilmour

**Name of the Vulnerable Software and Affected Versions** AntiBoard versions 0.7.2 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML or web script via the `feedback` parameter in the antiboard.php file. **Recommendations** For AntiBoard versions 0.7.2 and earlier, avoid using the `feedback` parameter in the antiboard.php file until a fix is available. As a temporary workaround, consider restricting access to the antiboard.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ArbitroWeb version 0.6 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary script or HTML via the `rawURL` parameter. This can lead to the execution of malicious code on the victim's browser. **Recommendations** For ArbitroWeb version 0.6, avoid using the `rawURL` parameter until a fix is available. As a temporary workaround, consider validating and sanitizing all user-input data to prevent malicious code injection.