We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an xss attack in prior versions of Komento.
update notice: https://stackideas.com/blog/important-komento-2-0-7-security-fix
JACC (Just Another Component Creator),3.0.3 - r199, XSS (Cross Site Scripting)
Note that the vulnerability affects Joomla components generated using this extension rather than the extension itself.
Kunena,5.0.2 and newer,XSS (Cross Site Scripting)
resolutiion: update to 5.0.5
update notice: https://www.kunena.org/forum/announcement/id-107
Resolution: update to 3.0.12 (or 2.6.22 for VM2 users)
Update notice: http://virtuemart.net/news/latest-news/473-security-release-virtuemart-3-0-12
Note that developer did not inform the VEL