Fakerrr

**Name of the Vulnerable Software and Affected Versions** njiandan-cms versions prior to 2013-05-23 **Description** The issue allows for a CSRF attack via the index.php/admin/user new endpoint to add an administrator. **Recommendations** For versions prior to 2013-05-23, update to a version released after 2013-05-23 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DiliCMS version 2.4.0 **Description** A Stored XSS issue was found in the first textbox of "System setting->site setting" in admin/index.php, specifically affecting the `site name` variable. **Recommendations** For DiliCMS version 2.4.0, as a temporary workaround, consider restricting access to the "System setting->site setting" page in admin/index.php until a patch is available. Avoid using the `site name` variable in the affected textbox until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DiliCMS version 2.4.0 **Description** A Stored XSS issue was found in the second textbox of "System setting->site setting" in admin/index.php, specifically related to the `site domain`. **Recommendations** For DiliCMS version 2.4.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** DiliCMS version 2.4.0 **Description** A Stored XSS issue was found in the site logo setting of the admin panel, specifically in the third textbox of "System setting->site setting" in admin/index.php, referenced as `site logo`. **Recommendations** For DiliCMS version 2.4.0, update the `site logo` setting in the admin panel to ensure it does not contain malicious code, and consider temporarily restricting access to the "System setting->site setting" page until a fix is available.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.8 **Description** An issue was discovered in YUNUCMS, where the app/index/controller/Show.php file has a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the `cw` parameter in the "index.php/index/show/index" endpoint. **Recommendations** For YUNUCMS version 1.1.8, as a temporary workaround, consider restricting access to the vulnerable `Show.php` file until a patch is available. Avoid using the `cw` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.