Victor · Victor Cms · CVE-2020-15599
**Name of the Vulnerable Software and Affected Versions**
Victor CMS through 2019-02-28
**Description**
The issue allows for XSS attacks via the `register.php` `user firstname` or `user lastname` field.
**Recommendations**
For Victor CMS through 2019-02-28, consider disabling the `register.php` page or restricting input to the `user firstname` and `user lastname` fields until a fix is available.