
Sid3^Effects Aka Hari

Researcher at Inj3ct0r Team
#21021 of 53,635
11.8 CVSS total
Vulnerabilities · 2
Medium · 1
High · 1
PT-2011-1906
4.3
2011-11-02
Joomla · Joomla! · CVE-2010-4971
**Name of the Vulnerable Software and Affected Versions**
VideoWhisper PHP 2 Way Video Chat component for Joomla (affected versions not specified)

**Description**
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `r` parameter to "index.php".

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2011-1929
7.5
2011-11-01
Joomla · Joomla! Jobs Pro · CVE-2010-4994
**Name of the Vulnerable Software and Affected Versions**
Joomla! Jobs Pro component version 1.6.4

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `detailed results` parameter to the "search jobs.html" endpoint.

**Recommendations**
For version 1.6.4, consider restricting access to the "search jobs.html" endpoint until a patch is available. As a temporary workaround, avoid using the `detailed results` parameter in the affected endpoint to minimize the risk of exploitation.