Wxdigo8O

**Name of the Vulnerable Software and Affected Versions** Waimai Super Cms version 20150505 **Description** An issue was discovered that allows for XSS via the `username` or `password` parameter in the "admin.php?m=Member&a=adminaddsave" API endpoint. **Recommendations** For Waimai Super Cms version 20150505, consider disabling the adminaddsave function in the Member module until a patch is available to prevent potential XSS attacks via the `username` or `password` parameters.