
Sikikmail

#51262 of 53,630
4.3 Total CVSS
Vulnerabilities · 1
PT-2005-4119
4.3
2005-10-25
Zomplog · Zomplog · CVE-2005-3308
**Name of the Vulnerable Software and Affected Versions**

Zomplog version 3.4

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters in various PHP files. The vulnerable parameters include the `name` and `comment` parameters in 'detail.php', the `username` parameter in 'get.php', and the `search` parameter in 'index.php'.

**Recommendations**

For Zomplog version 3.4, consider restricting access to the vulnerable parameters `name`, `comment`, `username`, and `search` in their respective PHP files until a patch is available. As a temporary workaround, avoid using these parameters in 'detail.php', 'get.php', and 'index.php' to minimize the risk of exploitation.