Able403

**Name of the Vulnerable Software and Affected Versions** Subrion CMS versions prior to 4.2.1 **Description** A Cross Site Scripting (XSS) issue exists in the Create Page functionality of the admin Account via an SVG file. **Recommendations** For versions prior to 4.2.1, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FUEL-CMS version 1.5.1 **Description** A Cross Site Scripting (XSS) issue exists in the Assets page via an SVG file. This allows for potential malicious script execution. **Recommendations** For FUEL-CMS version 1.5.1, consider restricting the upload of SVG files in the Assets page until a patch is available. As a temporary workaround, disabling the ability to upload files in the Assets page may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** bloofoxCMS versions 0.5.1 through 0.5.2.1 **Description** Multiple Cross Site Scripting (XSS) vulnerabilities exist in the software. The issue is related to the `file` parameter and the `type` parameter in an edit action in the "index.php" endpoint. **Recommendations** For versions 0.5.1 through 0.5.2.1, consider disabling the edit action in index.php until a patch is available. Restrict access to the `file` and `type` parameters to minimize the risk of exploitation.