Nijel

**Name of the Vulnerable Software and Affected Versions** Weblate versions prior to 5.17.1 **Description** The Markdown renderer used in user comments and other user-provided content fails to properly sanitize certain attributes, which could allow the injection of code into the HTML. **Recommendations** Update to version 5.17.1. As a mitigation measure, ensure a strict Content Security Policy (CSP) is implemented to reduce the risks associated with HTML code injection.

**Name of the Vulnerable Software and Affected Versions** Weblate versions prior to 4.11 **Description** Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in `user name` and `language` fields. Due to this improper neutralization, it is possible to perform cross-site scripting via these fields. **Recommendations** For versions prior to 4.11, users are advised to add their own neutralize logic to prevent cross-site scripting attacks. As a temporary workaround, consider adding input validation for `user name` and `language` fields until a patch is available. For users who can upgrade, the issues were fixed in the 4.11 release.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 3.5.x through 4.0.4 **Description** The issue allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. **Recommendations** For versions 3.5.x through 4.0.4, update to version 4.0.5 or later to resolve the issue.