Cdevroe

**Name of the Vulnerable Software and Affected Versions** cdevroe unmark versions up to 1.9.3 **Description** A cross-site scripting issue exists due to manipulation of the `Title` argument. This impacts an unknown function within the `application/views/marks/info.php` file. The attack can be carried out remotely, and an exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.9.3: Address the cross-site scripting issue by sanitizing the `Title` argument before using it in the `application/views/marks/info.php` file.