Th3 Rdx

**Name of the Vulnerable Software and Affected Versions** webConductor (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the default.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MetInfo version 3.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `searchword` parameter in the "search/search.php" file, also known as the Search Box field. **Recommendations** For MetInfo version 3.0, consider restricting access to the search functionality until a fix is available, or avoid using the `searchword` parameter in the search/search.php file to minimize the risk of exploitation.