Knight Commander

#16036 of 53,619
16.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2004-1492
10
2004-03-18
Invision · Invision Board · CVE-2004-0338
**Name of the Vulnerable Software and Affected Versions**
Invision Board Forum (affected versions not specified)

**Description**
The issue allows remote attackers to execute arbitrary SQL queries via the `st` parameter in the "search.php" file. This can be exploited by sending a crafted request to the "/search.php" endpoint.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2003-1657
6.8
2003-06-28
Xmb · Xmb Forum · CVE-2003-0483
**Name of the Vulnerable Software and Affected Versions**
XMB Forum version 1.8 Partagium

**Description**
The issue concerns cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to insert arbitrary script via specific parameters. The affected parameters include the `member` parameter to "member.php" and the `action` parameter to "buddy.php".

**Recommendations**
For XMB Forum version 1.8 Partagium, update the software to a version that includes a fix for the XSS vulnerabilities. As a temporary workaround, consider restricting access to the "member.php" and "buddy.php" files to minimize the risk of exploitation. Avoid using the `member` and `action` parameters in the affected API endpoints until the issue is resolved.