Coalzhao

**Name of the Vulnerable Software and Affected Versions** khodakhah NodCMS version 3.0 **Description** The issue allows a remote attacker to execute arbitrary code and gain access to sensitive information via a crafted script to the `address` parameter. This can be done by an attacker with administrative privileges. **Recommendations** For khodakhah NodCMS version 3.0, consider disabling access to the `address` parameter until a patch is available. Restricting administrative privileges may also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Gleez CMS version 1.2.0 **Description** An issue was discovered that allows for XSS via the "media/imagecache/resize" API endpoint. **Recommendations** For Gleez CMS version 1.2.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.