Jppuetz

**Name of the Vulnerable Software and Affected Versions** Wikindx versions prior to 5.7.0 Wikindx versions 6.x through 6.4.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `message` parameter to "index.php?action=initLogon" or "modules/admin/DELETEIMAGES.php". **Recommendations** For versions prior to 5.7.0, update to version 5.7.0 or later. For versions 6.x through 6.4.0, update to a version later than 6.4.0. As a temporary workaround, consider restricting access to the "index.php?action=initLogon" and "modules/admin/DELETEIMAGES.php" endpoints until a patch is available. Avoid using the `message` parameter in the affected API endpoints until the issue is resolved.