
Reflected XSS in Combodo iTop's render endpoint allows arbitrary JavaScript execution via multiple query parameters.

Stored XSS in EGavilan Media's Expense Management System allows arbitrary JavaScript execution via expense description.

Unauthenticated SQL injection vulnerability in EGavilan Media's Job App allows login bypass.

Stored XSS vulnerability in FlatPress 1.2.1 allows arbitrary JavaScript execution via crafted post content.

Unauthenticated SQL injection vulnerability in GRANDCOM CMS allows login bypass via crafted username.