Meto5757

**Name of the Vulnerable Software and Affected Versions** digiSHOP version 4.0 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `sortBy` or `search` parameters in the cart.php file. **Recommendations** For digiSHOP version 4.0, update the cart.php file to properly sanitize the `sortBy` and `search` parameters to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the cart.php file until a patch is available. Avoid using the `sortBy` and `search` parameters in the affected cart.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP Invoice version 2.2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `alert` parameter in the home.php file. **Recommendations** For PHP Invoice version 2.2, consider restricting access to the `alert` parameter in the home.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ktools.net PhotoStore (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the `gid` parameter in `details.php` and the `photogid` parameter in `view photog.php`. **Recommendations** For the vulnerability in `details.php`, consider restricting the input for the `gid` parameter to prevent arbitrary script injection until a fix is available. For the vulnerability in `view photog.php`, consider restricting the input for the `photogid` parameter to prevent arbitrary script injection until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Opial Audio/Video Download Management version 1.0 **Description** The issue concerns a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `destination` parameter in the "Login view". **Recommendations** For Opial Audio/Video Download Management version 1.0, consider restricting access to the `destination` parameter in the Login view to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jamroom versions 3.0.16 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `forgot` parameter in the forgot mode of the login.php file. **Recommendations** For Jamroom versions 3.0.16 and earlier, update to a version that fixes this issue, as using the forgot parameter in the forgot mode of the login.php file poses a risk of XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NextAge Cart (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters in index.php, including the `CatId` parameter in a product category action and the `SearchWd` parameter in an index search action. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eSyndiCat Portal System (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It affects the search.php file and allows remote attackers to inject arbitrary web script or HTML via the `what` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Innovate Portal version 2.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `content` parameter in the "index.php" file. **Recommendations** For Innovate Portal version 2.0, avoid using the `content` parameter in the index.php file until a fix is available. As a temporary workaround, consider validating and sanitizing all user input to prevent malicious script injection.