Dongvv-2538

**Name of the Vulnerable Software and Affected Versions** flatCore-CMS version 2.2.15 **Description** The issue allows attackers to execute arbitrary code via the `description` field on the new page creation form. This is a cross-site scripting (XSS) vulnerability, which means attackers can inject malicious scripts into websites, potentially leading to unauthorized access or control. **Recommendations** For flatCore-CMS version 2.2.15, update to a version that fixes this issue, as using the `description` field on the new page creation form can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.