Skalucy

**Name of the Vulnerable Software and Affected Versions** Link Whisper versions prior to 0.9.0 **Description** The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting (XSS) issue. This allows an attacker to inject malicious scripts into a web page viewed by other users. The vulnerability affects the Link Whisper Free software. **Recommendations** Update to a version newer than 0.9.0.

**Name of the Vulnerable Software and Affected Versions** Jetpack CRM versions through 6.7.0 **Description** A flaw exists in Automattic Jetpack CRM that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue impacts the software when handling file inclusion operations. **Recommendations** Update Jetpack CRM to a version newer than 6.7.0.

**Name of the Vulnerable Software and Affected Versions** Simple XML Sitemap versions prior to 1.3 **Description** The software contains a Cross-Site Request Forgery (CSRF) issue that also allows for Stored Cross-Site Scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP-EasyArchives versions through 3.1.2 **Description** A Cross-Site Request Forgery (CSRF) issue exists in WP-EasyArchives, which can also lead to Stored Cross-Site Scripting (XSS). This allows an attacker to potentially perform actions on behalf of an authenticated user without their knowledge. **Recommendations** Update WP-EasyArchives to a version later than 3.1.2.

**Name of the Vulnerable Software and Affected Versions** Page Carbajal Custom Post Status versions through 1.1.0 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Page Carbajal Custom Post Status, which can also lead to Stored Cross-Site Scripting (XSS). The issue impacts the Custom Post Status functionality. **Recommendations** Update Page Carbajal Custom Post Status to a version later than 1.1.0.

**Name of the Vulnerable Software and Affected Versions** Marcin Kijak Noindex by Path versions through 1.0 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Marcin Kijak Noindex by Path, which also allows Stored Cross-Site Scripting (XSS). The issue affects the application's functionality, potentially allowing an attacker to perform actions on behalf of an authenticated user without their knowledge. **Recommendations** Versions prior to 1.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** SensitiveTagCloud versions through 1.4.1 **Description** A Cross-Site Request Forgery (CSRF) issue exists in SensitiveTagCloud, which also allows for Stored Cross-Site Scripting (XSS). This allows an attacker to potentially perform actions on behalf of an authenticated user without their knowledge. **Recommendations** Update SensitiveTagCloud to a version later than 1.4.1.

**Name of the Vulnerable Software and Affected Versions** Wolfgang Häfelinger Custom Style versions through 1.0 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Wolfgang Häfelinger Custom Style, which also allows for Stored Cross-Site Scripting (XSS). This allows an attacker to potentially perform actions on behalf of an authenticated user without their knowledge. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Archive Generator versions through 5.2 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Simple Archive Generator, which also allows for Stored Cross-Site Scripting (XSS). The issue allows for unauthorized actions to be performed on behalf of an authenticated user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Socialprofilr versions through 1.0 **Description** The software contains a Cross-Site Request Forgery (CSRF) flaw and allows Stored Cross-Site Scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mindstien Technologies Recent Posts From Each Category versions 1.4 and earlier **Description** The Recent Posts From Each Category plugin contains a Cross-Site Request Forgery (CSRF) issue and a Stored Cross-Site Scripting (XSS) issue. The CSRF flaw could allow an attacker to perform actions on behalf of an authenticated user. The Stored XSS flaw could allow an attacker to inject malicious scripts into the application, which could be executed by other users. **Recommendations** Versions prior to 1.4 should be updated.

**Name of the Vulnerable Software and Affected Versions** titopandub Evergreen Post Tweeter versions through 1.8.9 **Description** A Cross-Site Request Forgery (CSRF) issue exists in titopandub Evergreen Post Tweeter, potentially allowing for Stored Cross-Site Scripting (XSS). The issue affects the `evergreen-post-tweeter` component. **Recommendations** Update titopandub Evergreen Post Tweeter to a version newer than 1.8.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Milesi ANAC XML Bandi di Gara avcp allows Reflected XSS.This issue affects ANAC XML Bandi di Gara: from n/a through <= 7.7.

**Name of the Vulnerable Software and Affected Versions** FolioVision FV Antispam versions through 2.7 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting issue. This allows for the injection of malicious scripts through web pages. **Recommendations** Update FolioVision FV Antispam to a version newer than 2.7.

**Name of the Vulnerable Software and Affected Versions** Bob Hostel versions through 1.1.5.9 **Description** A Reflected Cross-Site Scripting (XSS) issue exists in Bob Hostel hostel. This allows for the injection of malicious scripts through web page generation due to improper input neutralization. The issue affects the hostel application. **Recommendations** Update Bob Hostel to a version later than 1.1.5.9.

**Name of the Vulnerable Software and Affected Versions** Joovii Sendle Shipping versions through 6.02 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Joovii Sendle Shipping. This allows attackers to perform actions on behalf of unsuspecting users. The issue allows Cross Site Request Forgery. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Floating Window Music Player versions through 3.4.2 **Description** A Cross-Site Request Forgery (CSRF) vulnerability exists in ericzane Floating Window Music Player, which also allows Stored Cross-Site Scripting (XSS). **Recommendations** Update Floating Window Music Player to a version later than 3.4.2.

**Name of the Vulnerable Software and Affected Versions** eboekhouden versions n/a through 1.9.3 **Description** The software contains a Reflected Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. **Recommendations** Update eboekhouden to a version later than 1.9.3.

**Name of the Vulnerable Software and Affected Versions** XmasB Quotes versions through 1.6.1 **Description** The software contains a reflected cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. **Recommendations** Update to a version later than 1.6.1.

**Name of the Vulnerable Software and Affected Versions** undoIT Theme Switcher Reloaded versions through 1.1 **Description** The software contains a Reflected Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. **Recommendations** Update to a version later than 1.1.