Trevor Jay

**Name of the Vulnerable Software and Affected Versions** Aerogear (affected versions not specified) **Description** Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JBoss Enterprise Portal Platform versions 5.2.2 and earlier **Description** A cross-site request forgery issue exists, allowing remote attackers to hijack the authentication of victims via unknown vectors. **Recommendations** For JBoss Enterprise Portal Platform versions 5.2.2 and earlier, update to a version later than 5.2.2 to resolve the issue.