Unknown · InstantCMS · CVE-2024-50348
Name of the Vulnerable Software and Affected Versions:
InstantCMS versions prior to 2.16.3
Description:
The photo upload function on the photo album page lacks input validation, allowing attackers to inject and execute cross-site scripting (XSS) payloads.
Recommendations:
For versions prior to 2.16.3, update to version 2.16.3 to resolve the issue. As a temporary workaround, consider disabling the photo upload function on the photo album page until the update is applied. Restrict access to the photo album page to minimize the risk of exploitation.