Yuya Yoshida

**Name of the Vulnerable Software and Affected Versions** appleple a-blog cms versions 2.6.0.1 and earlier **Description** The issue concerns the session management of the comment functionality, allowing remote attackers to obtain or modify sensitive data. **Recommendations** For versions 2.6.0.1 and earlier, update to a version later than 2.6.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** appleple a-blog cms versions 2.6.0.1 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the standard template of the comment functionality. This allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions 2.6.0.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Epoch Web Mailing List versions 0.31 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors, potentially leading to the execution of malicious code on the client-side. **Recommendations** For Epoch Web Mailing List versions 0.31 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.2MS1J before R9 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For osCommerce version 2.2MS1J before R9, update to version R9 or later to resolve the issue.