Vicente Aguilera Diaz

**Name of the Vulnerable Software and Affected Versions** Project'Or RIA version 3.4.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `objectId` parameter in the view/objectDetail.php file. **Recommendations** For Project'Or RIA version 3.4.0, consider restricting access to the view/objectDetail.php file until a patch is available, and avoid using the `objectId` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** @mail Webmail versions prior to 6.2.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `MailType` parameter in a "mail/auth/processlogin" action. This could potentially lead to unauthorized actions on the affected web application. **Recommendations** For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "mail/auth/processlogin" action to minimize the risk of exploitation. Avoid using the `MailType` parameter in the affected action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Inside Systems Mail (ISMail) versions 2.0 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `error` parameter in the error.php file. **Recommendations** For versions 2.0 and earlier, consider disabling the error.php file or restricting access to it until a fix is available. As a temporary workaround, avoid using the `error` parameter in the error.php file to minimize the risk of exploitation.