Xfwang

**Name of the Vulnerable Software and Affected Versions** osCommerce version 4 **Description** A problematic issue has been found in osCommerce, affecting an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the `keywords` argument with a specific input leads to cross-site scripting. This can be initiated remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For osCommerce version 4, as a temporary workaround, consider restricting access to the `/b2b-supermarket/catalog/all-products` endpoint until a patch is available. Avoid using the `keywords` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.6.0 through 2.6.16 Wireshark versions 3.0.0 through 3.0.10 Wireshark versions 3.2.0 through 3.2.3 **Description** The issue is related to uncontrolled recursion in the NFS dissector, which could allow a remote attacker to cause a denial of service. The problem occurs due to excessive recursion, such as when encountering a cycle in the directory graph on a filesystem. This can lead to a crash of the NFS dissector. **Recommendations** For Wireshark versions 2.6.0 through 2.6.16, update the epan/dissectors/packet-nfs.c file to prevent excessive recursion. For Wireshark versions 3.0.0 through 3.0.10, update the epan/dissectors/packet-nfs.c file to prevent excessive recursion. For Wireshark versions 3.2.0 through 3.2.3, update the epan/dissectors/packet-nfs.c file to prevent excessive recursion. As a temporary workaround, consider disabling the NFS dissector until a patch is available.