
Dreamsroid

#26607 of 53,624
9.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2018-15128
4.8
2018-12-04
Yzmcms · Yzmcms · CVE-2018-19849
**Name of the Vulnerable Software and Affected Versions** YzmCMS version 5.2

**Description** An issue exists in the software where XSS is possible via the `searinfo` parameter in the "admin/content/search.html" endpoint.

**Recommendations** For YzmCMS version 5.2, consider restricting access to the `searinfo` parameter in the "admin/content/search.html" endpoint to minimize the risk of exploitation.

PT-2018-14595
4.8
2018-10-28
Eleanor · Eleanor Cms · CVE-2018-18717
**Name of the Vulnerable Software and Affected Versions** Eleanor CMS versions prior to 2015-03-19

**Description** A security issue exists in the software, where XSS is possible via the "ajax.php?direct=admin&file=autocomplete&query=[XSS]" URI. This allows for potential exploitation.

**Recommendations** For versions prior to 2015-03-19, as a temporary workaround, consider restricting access to the "ajax.php" endpoint, specifically the 'autocomplete' file with 'direct' parameter set to 'admin', until a fix is available.