Raúl Benencia

Rank: #21082 of 53,633
Total CVSS: 11.8
Vulnerabilities: 2 (Medium: 1, High: 1)

PT-2014-1882 · CVSS 7.5 · 2014-05-28
Xmonad · Xmonad-Contrib · CVE-2013-1436

**Name of the Vulnerable Software and Affected Versions**

xmonad-contrib versions prior to 0.11.2

**Description**

The issue allows remote attackers to execute arbitrary commands via a web page title. This can be achieved when the user clicks on the xmobar window title, as demonstrated using an action tag. The `XMonad.Hooks.DynamicLog` module in xmonad-contrib is affected, potentially leading to disruption of confidentiality, integrity, and availability of protected information.

**Recommendations**

For versions prior to 0.11.2, update to version 0.11.2 or later to resolve the issue. As a temporary workaround, consider disabling the `XMonad.Hooks.DynamicLog` module until a patch is available. Restrict access to the xmobar window title to minimize the risk of exploitation.

PT-2012-2411 · CVSS 4.3 · 2012-05-29
Tikiwiki · Ikiwiki · CVE-2012-0220

**Name of the Vulnerable Software and Affected Versions**

ikiwiki versions prior to 3.20120516

**Description**

The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `author` or `authorurl` meta tags.

**Recommendations**

For versions prior to 3.20120516, update to version 3.20120516 or later to resolve the issue.