Unknown · Gis3W G3W-Suite · CVE-2023-29998
**Name of the Vulnerable Software and Affected Versions**
Gis3W g3w-suite version 3.5
**Description**
A Cross-site scripting (XSS) vulnerability in the content editor allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the `description` parameter.
**Recommendations**
For Gis3W g3w-suite version 3.5, consider restricting access to the content editor to minimize the risk of exploitation until a patch is available. Avoid using the `description` parameter in the affected content editor until the issue is resolved.