Soot

**Name of the Vulnerable Software and Affected Versions** DeltaScripts Pro Publish (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the `artid` parameter in "art.php" and the `catname` parameter in "cat.php". **Recommendations** For DeltaScripts Pro Publish, consider disabling the `art.php` and `cat.php` scripts until a patch is available. Restrict access to the `artid` and `catname` parameters in the affected scripts to minimize the risk of exploitation. Avoid using the `artid` parameter in the "art.php" script and the `catname` parameter in the "cat.php" script until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sphider (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `PATH INFO` and the `category` parameter in the "search.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PhpRemoteView versions prior to 2003-10-23 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `f`, `d`, and `ref` parameters, and the "MAKE DIR" and "Full file name" fields. This can be exploited by injecting malicious code into these parameters and fields. **Recommendations** For versions prior to 2003-10-23, as a temporary workaround, consider restricting access to the `f`, `d`, and `ref` parameters, and the "MAKE DIR" and "Full file name" fields in PRV.php until a patch is available. Avoid using these parameters and fields in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clansys (aka Clanpage System) version 1.1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `page` parameter in the "index.php" file. **Recommendations** For Clansys (aka Clanpage System) version 1.1, as a temporary workaround, consider restricting access to the "index.php" file or validating and sanitizing the `page` parameter to prevent injection of malicious scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clansys (aka Clanpage System) versions 1.0 through 1.1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `func` parameter in a search function. **Recommendations** For Clansys (aka Clanpage System) versions 1.0 through 1.1, as a temporary workaround, consider restricting access to the search function until a patch is available. Avoid using the `func` parameter in the affected search function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ExtCalendar versions 1.0 through 1.0 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `year`, `month`, `next`, and `prev` parameters in the calendar.php file. **Recommendations** For ExtCalendar versions 1.0, consider updating to version 2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Contrexx CMS versions 1.0.8 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the query string in the `PHP SELF` variable. This can be achieved by manipulating the query string in the index.php file. **Recommendations** For Contrexx CMS versions 1.0.8 and earlier, consider updating to a version later than 1.0.8 to resolve the issue. As a temporary workaround, restrict access to the index.php file to minimize the risk of exploitation. Avoid using the `PHP SELF` variable in the query string until the issue is resolved.