Pyske

**Name of the Vulnerable Software and Affected Versions** Joomla! component JProjects (com j-projects) (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `project` parameter in a `projects` action to `index.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** com qpersonel version 1.0.2 RC2 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `personel sira` parameter in a "sirala" action to "index.php". **Recommendations** For version 1.0.2 RC2, avoid using the `personel sira` parameter in the "sirala" action to "index.php" until the issue is resolved. As a temporary workaround, consider restricting access to the "index.php" endpoint with a "sirala" action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! Facileforms (com facileforms) component (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `Itemid` parameter to "index.php". This could potentially lead to unauthorized actions on the affected system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.