Psymera

**Name of the Vulnerable Software and Affected Versions** CjTagBoard version 3.0 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The vulnerable parameters include `date`, `time`, `name`, `ip`, `agent`, and `msg`. **Recommendations** For CjTagBoard version 3.0, as a temporary workaround, consider validating and sanitizing user input for the `date`, `time`, `name`, `ip`, `agent`, and `msg` parameters to prevent XSS attacks. Restrict access to the details.php file until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CjLinkOut version 1.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `123` parameter in the top.php file. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For CjLinkOut version 1.0, consider restricting access to the top.php file or avoiding the use of the `123` parameter until a fix is available. As a temporary workaround, disabling the execution of scripts from this parameter may help mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** CjWeb2Mail version 3.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters, including the `name`, `message`, or `ip` parameter to 'thankyou.php' or the `emsg` parameter to 'web2mail.php'. **Recommendations** For CjWeb2Mail version 3.0, consider validating and sanitizing user input for the `name`, `message`, `ip`, and `emsg` parameters to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to 'thankyou.php' and 'web2mail.php' to minimize the risk of exploitation.