Amr Al Hallak

**Name of the Vulnerable Software and Affected Versions** Axiell Iguana CMS (affected versions not specified) **Description** A reflected XSS issue has been found, allowing an attacker to execute code in a victim's browser. The `url` parameter on the "novelist.php" endpoint does not properly neutralize user input, resulting in the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axiell Iguana CMS (affected versions not specified) **Description** A reflected XSS issue has been found, allowing an attacker to execute code in a victim's browser. The `module` parameter on the "Service.template.cls" endpoint does not properly neutralise user input, resulting in the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axiell Iguana CMS (affected versions not specified) **Description** A Local File Inclusion issue has been found in Axiell Iguana CMS. The problem arises from insufficient neutralisation of user input on the `url` parameter in the "Proxy.type.php" and "imageProxy.type.php" endpoints. This allows external users to access files on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Axiell Iguana CMS (versões afetadas não especificadas) **Descrição** Foi encontrada uma vulnerabilidade de XSS refletido, permitindo que um invasor execute código no navegador da vítima. O parâmetro `title` no endpoint “twitter.php” não neutraliza adequadamente a entrada do usuário, resultando na vulnerabilidade. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.