Glo0M7

#20700 of 53,632
12.2 CVSS total
Vulnerabilities · 2
Medium
2
PT-2018-13854
6.1
2018-09-14
Minicms · Minicms · CVE-2018-17039
**Name of the Vulnerable Software and Affected Versions** MiniCMS version 1.10

**Description** The issue allows for XSS via a crafted URI due to the mishandling of `$_SERVER['REQUEST_URI']` when Internet Explorer is used.

**Recommendations** For MiniCMS version 1.10, consider validating and sanitizing user input to prevent the exploitation of this issue, specifically when handling the `REQUEST_URI` variable. As a temporary workaround, restrict access to the application when using Internet Explorer until a proper fix is applied.
PT-2018-9491
6.1
2018-08-20
Minicms · Minicms · CVE-2018-1000638
**Name of the Vulnerable Software and Affected Versions** MiniCMS version 1.1

**Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the "http://example.org/mc-admin/page.php?date={payload}" endpoint, where `{payload}` can be used for code injection.

**Recommendations** For MiniCMS version 1.1, as a temporary workaround, consider restricting access to the "http://example.org/mc-admin/page.php?date={payload}" endpoint until a patch is available. Avoid using the `date` parameter in this endpoint until the issue is resolved.