Mcblog

Rank: #20104 of 53,633
Total CVSS: 12.9
Vulnerabilities: 2 (Medium: 1, High: 1)

PT-2021-22273 · CVSS 7.5 · 2021-08-16 · Nginx · Nginx · CVE-2021-38712

**Name of the Vulnerable Software and Affected Versions**
OneNav version 0.9.12

**Description**
The issue allows information disclosure of the onenav.db3 contents. The vendor recommends blocking access via an NGINX configuration file.

**Recommendations**
For OneNav version 0.9.12, block access to the onenav.db3 file via an NGINX configuration file, as the vendor recommends.

PT-2021-22274 · CVSS 5.4 · 2021-08-16 · Imgurl · Imgurl · CVE-2021-38713

**Name of the Vulnerable Software and Affected Versions**
imgURL version 2.31

**Description**
The issue allows for XSS (Cross-Site Scripting) attacks via the X-Forwarded-For HTTP header.

**Recommendations**
For imgURL version 2.31, consider restricting access to the X-Forwarded-For HTTP header to minimize the risk of XSS attacks until a patch is available.