M3Lon

**Name of the Vulnerable Software and Affected Versions** FUEL CMS version 1.4.3 **Description** The issue allows for CSRF via the "users/create/" endpoint to add an administrator account. **Recommendations** For FUEL CMS version 1.4.3, consider implementing proper CSRF protection mechanisms to prevent unauthorized access to the "users/create/" endpoint. As a temporary workaround, restrict access to the "users/create/" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SEMCMS PHP version 3.4 **Description** A cross-site scripting (XSS) issue was found in SEMCMS PHP. The issue is related to the `tag indexkey` parameter in the "SEMCMS SeoAndTag.php" endpoint, specifically when the "Class" parameter is set to "edit" and the "CF" parameter is set to "SeoAndTag". **Recommendations** For SEMCMS PHP version 3.4, as a temporary workaround, consider restricting access to the SEMCMS SeoAndTag.php endpoint until a patch is available. Avoid using the `tag indexkey` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Waimai Super Cms version 20150505 **Description** An issue was discovered that allows for XSS via the "index.php?m=public&a=doregister" endpoint, specifically through the `username` parameter. **Recommendations** For Waimai Super Cms version 20150505, avoid using the `username` parameter in the "index.php?m=public&a=doregister" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.