jBusiness Directory from CMS Junkie,4.9.3 and previous versions, SQL Injection, XSS

resolution: update to 4.9.4

update notice: http://www.cmsjunkie.com/blog/joomla_business_directory_4-9-4_release/

Note that the developer did not inform the VEL