Ukcms · Ukcms · CVE-2020-20977
Name of the Vulnerable Software and Affected Versions:
UK CMS version 1.1.10
Description:
A stored cross-site scripting (XSS) vulnerability in "index.php/legend/6.html" of UK CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the `Comments` section.
Recommendations:
To prevent exploitation of the stored XSS vulnerability in UK CMS version 1.1.10, consider disabling the Comments section in "index.php/legend/6.html" until a patch is available.