Otcms · Otcms · CVE-2018-8973
**Name of the Vulnerable Software and Affected Versions**
OTCMS version 3.20
**Description**
OTCMS 3.20 is vulnerable to cross-site scripting (XSS) when a keyword or link is added to an article, as demonstrated by a request to the "admin/keyWord deal.php?mudi=add" endpoint.
**Recommendations**
For OTCMS version 3.20, consider restricting access to the admin/keyWord deal.php endpoint until a fix is available. To minimize the risk of exploitation in the meantime, avoid adding unvalidated keywords or links to articles.
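
One way to validate a keyword and its link before storing them, and to encode both when they are written into article HTML. This is an added example, not OTCMS code: the function names, the 100-byte limit and the sample values are hypothetical, and it assumes the keyword is rendered as a hyperlink inside the article.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers; OTCMS's own handling of keywords is not shown on this page.

/** Accept only absolute http(s) URLs that have a host; anything else is rejected. */
function validate_keyword_link(string $url): ?string
{
    $url = trim($url);
    // Whitespace and control characters have no place in a stored link.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allow-list the scheme instead of trying to block known-bad ones.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $url : null;
}

/** Accept a short keyword that contains no markup or control characters. */
function validate_keyword(string $keyword): ?string
{
    $keyword = trim($keyword);
    if ($keyword === '' || strlen($keyword) > 100) {
        return null;
    }
    return preg_match('/[<>"\'&\x00-\x1f\x7f]/', $keyword) ? null : $keyword;
}

/** Encode at output time as well, so a value that bypassed validation stays inert. */
function render_keyword_link(string $keyword, string $url): string
{
    $k = htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $u = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $u . '" rel="noopener">' . $k . '</a>';
}

// Constructed sample inputs: one acceptable pair and two that must be rejected.
$samples = [
    ['security', 'https://example.com/security'],
    ['<b>bold</b>', 'https://example.com/'],
    ['news', 'javascript:void(0)'],
];
foreach ($samples as [$kw, $link]) {
    [$k, $u] = [validate_keyword($kw), validate_keyword_link($link)];
    echo ($k !== null && $u !== null) ? render_keyword_link($k, $u) : 'rejected', PHP_EOL;
}
```

Validation on input narrows what can be stored; the encoding in `render_keyword_link` is what keeps stored values from being interpreted as markup when the article is displayed.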