Red_Casper

Researcher from United Arab HaCkers
#21146 of 53,619
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2007-3881
4.3
2007-05-09
Kayako · Kayako Esupport · CVE-2007-2562
**Name of the Vulnerable Software and Affected Versions**
Kayako eSupport version 3.00.90

**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the ` m` parameter in the index.php file.

**Recommendations**
For Kayako eSupport version 3.00.90, update to a version that fixes this issue to prevent remote attackers from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting access to the index.php file or validating and sanitizing the ` m` parameter to minimize the risk of exploitation.

PT-2006-7387
7.5
2006-12-28
Luckybot · Luckybot · CVE-2006-6788
Name of the Vulnerable Software and Affected Versions:
LuckyBot version 3

Description:
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dir` parameter to (1) "run.php" or (2) "ircbot.class.php" endpoints.

Recommendations:
For LuckyBot version 3, consider restricting access to the "run.php" and "ircbot.class.php" endpoints to minimize the risk of exploitation. Avoid using the `dir` parameter in these endpoints until the issue is resolved.