Twohub

**Name of the Vulnerable Software and Affected Versions** YzmCMS version 5.1 **Description** The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via the `title` parameter in the admin/system manage/user config add.html page. **Recommendations** For YzmCMS version 5.1, avoid using the `title` parameter in the admin/system manage/user config add.html page until a fix is available. As a temporary workaround, consider restricting access to this page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Creatiwity wityCMS version 0.6.2 **Description** The issue concerns the "utilisateur" menu in Creatiwity wityCMS, where two input points for user information are vulnerable to XSS attacks. Specifically, the `first name` and `last name` parameters are affected. **Recommendations** For Creatiwity wityCMS version 0.6.2, consider restricting input for the `first name` and `last name` parameters to minimize the risk of XSS exploitation. As a temporary workaround, validate and sanitize user input for these parameters until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Creatiwity wityCMS version 0.6.2 **Description** A search for user discovery injection issue exists, allowing unfiltered input parameters. Specifically, the issue is accessible via the "Utilisateur" menu, affecting parameters such as `Nickname`, `email`, `firstname`, `lastname`, and `groupe` in the `/admin/user/users` endpoint. **Recommendations** For Creatiwity wityCMS version 0.6.2, consider restricting access to the `/admin/user/users` endpoint until a fix is available, and ensure that all input parameters, including `Nickname`, `email`, `firstname`, `lastname`, and `groupe`, are properly filtered to prevent injection.

**Name of the Vulnerable Software and Affected Versions** YzmCMS version 5.1 **Description** The issue is related to stored XSS that exists via the `title` parameter in the admin/system manage/user config add.html page. **Recommendations** For YzmCMS version 5.1, update the software to a version that fixes this issue, or as a temporary workaround, consider restricting access to the admin/system manage/user config add.html page to minimize the risk of exploitation. Avoid using the `title` parameter in this page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Victor CMS versions prior to 2018-05-10 **Description** An issue was discovered that allows for XSS via the site name in the "Categories" menu. **Recommendations** For versions prior to 2018-05-10, update to a version released after 2018-05-10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wityCMS version 0.6.2 **Description** The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via the `Site Name` field, which is located in the `Contact` section of the `Configuration` page. **Recommendations** For wityCMS version 0.6.2, update the software to a version that includes a fix for this issue, as using the `Site Name` field in the `Contact` `Configuration` page can lead to XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.