Tasosy2K

**Name of the Vulnerable Software and Affected Versions** nbubna store versions 2.14.2 and earlier **Description** The issue allows a remote attacker to execute arbitrary code via the store.deep.js component. This is a Cross Site Scripting vulnerability, which can be exploited by a remote attacker. **Recommendations** For versions 2.14.2 and earlier, consider disabling the store.deep.js component as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** http.zig version 76cf5 **Description** A CRLF injection issue was found in http.zig, affecting the `url` parameter. **Recommendations** For version 76cf5, consider avoiding the use of the `url` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.