Mowoe

**Name of the Vulnerable Software and Affected Versions** Shaarli versions prior to 0.16.0 **Description** Shaarli is a personal bookmarking service susceptible to a cross-site scripting (XSS) issue. A malicious tag beginning with a double quote (`"`) can prematurely terminate the `<input>` tag on the start page, enabling an attacker to inject arbitrary HTML. This could lead to the execution of malicious scripts in a user's browser. **Recommendations** Update to version 0.16.0 or later.

**Name of the Vulnerable Software and Affected Versions** Micro Registration Utility (µURU) versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893 **Description** The Micro Registration Utility (µURU), a telephone self registration utility based on asterisk, contains a flaw due to improper input validation. An attacker can craft a specific federation name, injecting characters treated specially by asterisk into the `Dial()` application. This allows redirection of calls on both federating instances. Successful exploitation requires an administrator to accept federation requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.