Manasmbellani

**Name of the Vulnerable Software and Affected Versions** Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 **Description** The issue concerns a Cross-Site Scripting (XSS) flaw. It is exploitable via the Administrator/add pictures.php `article ID`. **Recommendations** For Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28, update to a version released after 2018-04-28 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 **Description** The issue allows for XSS via the Administrator/users.php `user ID`. **Recommendations** For Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28, avoid using the `user ID` in the Administrator/users.php endpoint until the issue is resolved.