Userx

**Name of the Vulnerable Software and Affected Versions** Ovidentia version 8.4.3 **Description** The issue concerns a problem with index.php in Ovidentia, where there is a possibility of XSS via several specific parameters. The affected parameters include `tg=groups`, `tg=maildoms&idx=create&userid=0&bgrp=y`, `tg=delegat`, `tg=site&idx=create`, `tg=site&item=4`, `tg=admdir&idx=mdb&id=1`, `tg=notes&idx=Create`, `tg=admfaqs&idx=Add`, and `tg=admoc&idx=addoc&item=`. **Recommendations** For Ovidentia version 8.4.3, consider restricting access to the vulnerable index.php file until a patch is available. As a temporary workaround, avoid using the specified parameters in the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ovidentia version 8.4.3 **Description** The issue is related to SQL Injection, which occurs via the `id` parameter in an "index.php?tg=delegat&idx=mem" request. **Recommendations** For Ovidentia version 8.4.3, avoid using the `id` parameter in the affected "index.php?tg=delegat&idx=mem" request until the issue is resolved.