
Yoshinori Ohta

Researcher from Business Architects Inc.
#20984 of 53,633
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2014-5595
7.5
2014-08-19
Osk · Osk Advance-Flow · CVE-2014-3906
**Name of the Vulnerable Software and Affected Versions**
OSK Advance-Flow versions 4.41 and earlier
OSK Advance-Flow Forms versions 4.41 and earlier

**Description**
The issue allows remote attackers to execute arbitrary SQL commands.

**Recommendations**
For OSK Advance-Flow versions 4.41 and earlier, update to a version later than 4.41.
For OSK Advance-Flow Forms versions 4.41 and earlier, update to a version later than 4.41.
PT-2008-3735
4.3
2008-10-03
Blosxom · Blosxom · CVE-2008-2236
**Name of the Vulnerable Software and Affected Versions**
Blosxom versions prior to 2.1.2

**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `flav` parameter, which is related to the `flavour` variable. This can be exploited by sending malicious input to the `/blosxom.cgi` endpoint.

**Recommendations**
For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `flav` parameter in the `blosxom.cgi` endpoint to minimize the risk of exploitation.