Xd-519

**Name of the Vulnerable Software and Affected Versions** tp5cms versions through 2017-05-25 **Description** An issue was discovered in the software, where the "admin.php/system/set.html" endpoint has a cross-site scripting (XSS) vulnerability via the `keywords` parameter. **Recommendations** For versions through 2017-05-25, as a temporary workaround, consider restricting access to the "admin.php/system/set.html" endpoint until a patch is available. Avoid using the `keywords` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.