Wang Yiru

**Name of the Vulnerable Software and Affected Versions** iCMS version 8.0.0 **Description** The iCMS software contains a Cross-Site Scripting (XSS) issue in the User Management component. The issue is located within the index.html file and allows remote attackers to execute arbitrary web script or HTML. The attack vector involves the `regip` or `loginip` parameters. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `regip` and `loginip` parameters before processing them.