
Linux_Root

#30380 of 53,608
8.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2006-3421
4.3
2006-05-19
Openwiki · Openwiki · CVE-2006-2473
**Name of the Vulnerable Software and Affected Versions**

OpenWiki version 0.78

**Description**

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `p` parameter in the ow.asp file. This issue has been disputed by the vendor, who claims that code injection is not possible due to escaping of URL parameters and wikipage content.

**Recommendations**

For OpenWiki version 0.78, consider restricting access to the ow.asp file or the `p` parameter to minimize the risk of exploitation, as a temporary workaround until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-3432
4.3
2006-05-19
Icewarp · Icewarp Web Mail · CVE-2006-2484
**Name of the Vulnerable Software and Affected Versions**

IceWarp WebMail versions 5.5.1 and earlier

**Description**

A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `PHPSESSID` parameter.

**Recommendations**

For IceWarp WebMail versions 5.5.1 and earlier, update to a version later than 5.5.1 to resolve the issue.