Antonio Díaz

**Name of the Vulnerable Software and Affected Versions** CMSimple version 5.15 **Description** A Cross-Site Scripting (XSS) issue in the Settings menu of CMSimple allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Logout` parameter under the Language section. This enables attackers to potentially hijack user sessions, steal sensitive data, or perform other malicious actions. **Recommendations** For CMSimple version 5.15, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Settings menu, especially the Language section, to minimize the risk of exploitation. Avoid using the `Logout` parameter in the affected section until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CMSimple version 5.15 **Description** A cross-site scripting (XSS) vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Downloads` parameter under the Language section. **Recommendations** For CMSimple version 5.15, as a temporary workaround, consider restricting access to the Settings menu, specifically the Language section, until a patch is available. Avoid using the `Downloads` parameter in the affected section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. **Recommendations** For WonderCMS version 3.4.3, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `WEBSITE TITLE` parameter under the Menu module. **Recommendations** For WonderCMS version 3.4.3, as a temporary workaround, consider restricting access to the Settings section, specifically the Menu module, until a patch is available. Avoid using the `WEBSITE TITLE` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. This issue enables attackers to potentially steal user data or take control of user sessions. **Recommendations** For WonderCMS version 3.4.3, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Boid CMS version 2.1.0 **Description** A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Permalink` parameter. **Recommendations** For Boid CMS version 2.1.0, consider disabling the Create Page feature until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Permalink parameter to minimize the risk of arbitrary web script execution.

**Name of the Vulnerable Software and Affected Versions** Boid CMS version 2.1.0 **Description** A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Content` parameter. **Recommendations** For Boid CMS version 2.1.0, as a temporary workaround, consider restricting the use of the Create Page until a patch is available. Avoid using the `Content` parameter in the affected Create Page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `ADMIN LOGIN URL` parameter under the Security module. **Recommendations** For WonderCMS version 3.4.3, as a temporary workaround, consider restricting access to the Settings section, specifically the Security module, until a patch is available. Avoid using the `ADMIN LOGIN URL` parameter in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMSimple version 5.15 **Description** A cross-site scripting (XSS) vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Configuration` parameter under the Language section. **Recommendations** For CMSimple version 5.15, as a temporary workaround, consider restricting access to the Settings menu until a patch is available. Avoid using the `Configuration` parameter in the Language section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `SITE LANGUAGE CONFIG` parameter under the Security module. **Recommendations** For WonderCMS version 3.4.3, consider disabling the Security module or restricting access to the Settings section until a patch is available. Avoid using the `SITE LANGUAGE CONFIG` parameter in the affected Settings section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `PAGE KEYWORDS` parameter under the CURRENT PAGE module. **Recommendations** For WonderCMS version 3.4.3, consider disabling the Settings section or restricting access to the CURRENT PAGE module until a patch is available. Avoid using the `PAGE KEYWORDS` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `PAGE DESCRIPTION` parameter under the CURRENT PAGE module. **Recommendations** For WonderCMS version 3.4.3, as a temporary workaround, consider restricting access to the Settings section, specifically the CURRENT PAGE module, until a patch is available. Avoid using the `PAGE DESCRIPTION` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `MENU` parameter under the Menu module. **Recommendations** For WonderCMS version 3.4.3, consider disabling access to the Menu module or restricting the use of the `MENU` parameter until a patch is available. As a temporary workaround, avoid using the `MENU` parameter in the Settings section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMSimple version 5.15 **Description** A cross-site scripting (XSS) vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Edit` parameter under the Language section. **Recommendations** For CMSimple version 5.15, as a temporary workaround, consider restricting access to the Settings menu, specifically the Language section, until a patch is available. Avoid using the `Edit` parameter in the affected section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.4.3 **Description** A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `PAGE TITLE` parameter under the Current Page module. This issue enables attackers to inject malicious code, potentially leading to unauthorized actions on the affected system. **Recommendations** For WonderCMS version 3.4.3, consider disabling the Current Page module or restricting access to the Settings section until a patch is available. Avoid using the `PAGE TITLE` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.