Cgaiideo

**Name of the Vulnerable Software and Affected Versions** WeaselCMS version 0.3.5 **Description** An issue allows CSRF to update website settings, including theme, title, and description, via the "index.php" endpoint. **Recommendations** For WeaselCMS version 0.3.5, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WeaselCMS version 0.3.5 **Description** An issue was discovered that allows CSRF to create new pages via an "index.php?b=pages&a=new" URI. **Recommendations** For WeaselCMS version 0.3.5, consider implementing proper CSRF protection mechanisms to prevent unauthorized creation of new pages. As a temporary workaround, restrict access to the "index.php?b=pages&a=new" URI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WeaselCMS version 0.3.5 **Description** An issue exists where XSS is possible via the Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. **Recommendations** For WeaselCMS version 0.3.5, update to a version that fixes this issue, as the current version allows for XSS attacks through specific settings fields. At the moment, there is no information about a newer version that contains a fix for this vulnerability.