Prasadlingamaiah

**Name of the Vulnerable Software and Affected Versions** Evolution CMS versions 2.0.x **Description** The issue allows for XSS via a description and new category location in a template. The vendor states that the behavior is consistent with the access policy in the administration panel. **Recommendations** For Evolution CMS versions 2.0.x, consider restricting access to template editing features to minimize the risk of exploitation. As a temporary workaround, avoid using user-inputted data in descriptions and new category locations until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CMS Clipper version 1.3.3 **Description** The issue concerns a security problem where an attacker can inject malicious code. This is possible due to insufficient input validation in several fields, including the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. **Recommendations** For CMS Clipper version 1.3.3, update to a version that addresses this issue, as the current version allows for malicious code injection in the specified fields. At the moment, there is no information about a newer version that contains a fix for this vulnerability.