Jelmersnoeck

**Name of the Vulnerable Software and Affected Versions** Fork CMS versions prior to 3.2.7 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `term` parameter to several API endpoints, including "autocomplete.php", "search/ajax/autosuggest.php", "livesuggest.php", or "save.php" in frontend/modules/search/ajax. **Recommendations** For versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue.