
K3

#21448 of 53,622
11.4 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2006-3219
6.4
2006-05-09
Openfaq · Openfaq · CVE-2006-2252
**Name of the Vulnerable Software and Affected Versions**
OpenFAQ version 0.4.0

**Description**
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `q` parameter in the "submit.php" file.

**Recommendations**
For OpenFAQ version 0.4.0, consider validating and sanitizing user input for the `q` parameter to prevent injection of malicious scripts. As a temporary workaround, restrict access to the submit.php file until a patch is available.
PT-2006-3193
5.0
2006-05-05
Zawhttpd · Zawhttpd · CVE-2006-2222
**Name of the Vulnerable Software and Affected Versions**
zawhttpd versions 0.8.23 and possibly previous versions

**Description**
The issue allows remote attackers to cause a denial of service, resulting in the daemon crashing, by sending a request for a URI composed of several "\" (backslash) characters.

**Recommendations**
For versions 0.8.23 and possibly previous versions, consider restricting access to the zawhttpd service until a patch is available to prevent remote attackers from causing a denial of service.