Unknown · Siteserver Cms · CVE-2023-2862
**Name of the Vulnerable Software and Affected Versions**
SiteServer CMS versions up to 7.2.1
**Description**
An issue was found in SiteServer CMS that affects an unknown function of the file `/api/stl/actions/search`. Manipulating the `ajaxDivId` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
**Recommendations**
For versions up to 7.2.1, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the `/api/stl/actions/search` endpoint or avoiding the use of the `ajaxDivId` argument until a patch is available.
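
One way to apply the temporary workaround at a proxy or middleware layer, shown as an added example that is not SiteServer CMS code: requests to the affected endpoint are blocked unless every `ajaxDivId` value is a plain element id. The allowlist pattern, the function names, and the handling of query-string, form and JSON bodies are assumptions, since the advisory does not say how the argument is transmitted.

```python
import json
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and argument named in the advisory (compared case-insensitively).
ENDPOINT = "/api/stl/actions/search"
PARAM = "ajaxdivid"
# Assumption: a legitimate value is a plain HTML element id.
SAFE_ID = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,63}")


def _values(url, content_type, body):
    """Collect every ajaxDivId value from the query string and the body."""
    found = []
    pairs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    ctype = (content_type or "").lower()
    if "application/x-www-form-urlencoded" in ctype:
        for key, vals in parse_qs(body, keep_blank_values=True).items():
            pairs.setdefault(key, []).extend(vals)
    for key, vals in pairs.items():
        if key.lower() == PARAM:
            found.extend(vals)
    if "application/json" in ctype and body:
        try:
            doc = json.loads(body)
        except ValueError:
            return [None]  # body cannot be inspected, so treat it as unsafe
        if isinstance(doc, dict):  # only top-level keys are checked
            found.extend(v for k, v in doc.items() if k.lower() == PARAM)
    return found


def screen(url, content_type="", body=""):
    """Return 'allow' or 'block' for one request to the application."""
    path = unquote(urlsplit(url).path).rstrip("/").lower()
    if path != ENDPOINT:
        return "allow"  # other endpoints are out of scope for this filter
    for value in _values(url, content_type, body):
        # Non-string, empty, or non-identifier values are rejected.
        if not isinstance(value, str) or not SAFE_ID.fullmatch(value):
            return "block"
    return "allow"
```

Blocked requests are worth logging with the source address, since they indicate either a broken client or probing of the disclosed issue.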