Karol Czubernat

**Name of the Vulnerable Software and Affected Versions** Windu CMS version 4.1 Windu CMS (affected versions not specified) **Description** Windu CMS has multiple Stored Cross-Site Scripting (XSS) issues in the page editing endpoint ''/windu/admin/content/pages/edit/''. A user with privileges can exploit this to potentially target users with higher privileges. The vendor was notified but did not provide details about vulnerable versions. **Recommendations** Update to a newer version of Windu CMS that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windu CMS version 4.1 Windu CMS (affected versions not specified) **Description** Windu CMS has a flaw that allows attackers to perform Cross-Site Request Forgery (CSRF) attacks in the user editing functionality. The existing CSRF protection can be circumvented by utilizing the CSRF token from another user. Registration is open to anyone, allowing for easy account creation. **Recommendations** Apply a fix for Windu CMS version 4.1. Implement a robust CSRF protection mechanism that prevents the use of CSRF tokens from other users.

**Name of the Vulnerable Software and Affected Versions** Windu CMS version 4.1 Windu CMS (affected versions not specified) **Description** Windu CMS has a flaw related to access control in the user editing feature. An attacker with sufficient privileges can send a GET request to delete Super Admins, a function not normally accessible through the graphical user interface. The vendor was informed of this issue but did not provide details about vulnerable versions. **Recommendations** Apply any available updates or patches for Windu CMS version 4.1. For other versions, implement strict access controls and regularly review user privileges.

**Name of the Vulnerable Software and Affected Versions** Windu CMS version 4.1 Windu CMS (affected versions not specified) **Description** Windu CMS is susceptible to a Cross-Site Request Forgery (CSRF) issue within the user editing functionality. A malicious actor can create a specially crafted website that, when accessed by a victim, automatically submits a POST request to delete a specified user. The vendor was informed of this issue but did not provide details regarding vulnerable versions or a response. **Recommendations** Apply a fix for Windu CMS version 4.1. Address the Cross-Site Request Forgery issue in all other potentially vulnerable versions of Windu CMS.

**Name of the Vulnerable Software and Affected Versions** Windu CMS version 4.1 Windu CMS (affected versions not specified) **Description** Windu CMS has a weak client-side brute-force protection mechanism. The system utilizes the `loginError` parameter, but does not store attempt counts or timeouts server-side. This allows an attacker to bypass the brute-force protection by resetting the `loginError` parameter. The vendor was notified of this issue but did not provide details regarding vulnerable versions. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the login functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windu CMS version 4.1 Windu CMS (affected versions not specified) **Description** Windu CMS is susceptible to a Cross-Site Request Forgery (CSRF) issue within its file uploading functionality. A malicious actor can create a specially crafted website that, when accessed by a victim, will automatically send a malicious file to the server. The vendor was informed of this issue but did not provide details regarding vulnerable versions. **Recommendations** Apply a fix for Windu CMS version 4.1. For other versions, apply a fix when available.

**Name of the Vulnerable Software and Affected Versions** Windu CMS version 4.1 Windu CMS (affected versions not specified) **Description** Windu CMS is susceptible to Stored Cross-Site Scripting (XSS) in the logon page due to inadequate input validation. A malicious actor can inject arbitrary HTML and JavaScript code into the website. This injected code will be rendered and executed when an administrator visits the logs page. **Recommendations** Apply appropriate input validation to all user-supplied data on the logon page.

**Name of the Vulnerable Software and Affected Versions** Windu CMS version 4.1 Windu CMS (affected versions not specified) **Description** Windu CMS is susceptible to User Enumeration. During the login process, differing messages can reveal whether a login attempt is valid, potentially enabling a brute force attack utilizing valid credentials. The vendor was informed of this issue but did not provide details regarding vulnerable versions. Testing confirmed version 4.1 as vulnerable, and other versions may also be affected. **Recommendations** Versions prior to version 4.1 should be considered vulnerable and investigated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QuickCMS version 6.8 QuickCMS (affected versions not specified) **Description** QuickCMS is susceptible to multiple Stored Cross-Site Scripting (XSS) issues within the language editor functionality, specifically in the 'languages' section. An attacker possessing administrative privileges can inject arbitrary HTML and JavaScript code into the website. This injected code will be rendered and executed on every page viewed by users. The vendor was informed of this issue but did not provide details regarding vulnerable version ranges. While version 6.8 was confirmed as vulnerable, other versions have not been tested and may also be affected. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QuickCMS version 6.8 **Description** A flaw exists where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS transmits passwords and login credentials via GET requests, potentially allowing a local attacker with access to a victim’s browser history to obtain credentials and log in as the user. Recommendations: Update to a newer version of QuickCMS that does not transmit credentials via GET requests.

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS is susceptible to a Stored Cross-Site Scripting (XSS) issue through the `sDescriptionMeta` parameter within the page editor's SEO functionality. An attacker possessing administrative privileges can inject arbitrary HTML and JavaScript code into a website. This injected code will be rendered and executed when a user visits the modified page. By default, the admin user is not able to add JavaScript into the website. Recommendations: Update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS is susceptible to Reflected Cross-Site Scripting (XSS) through the `sSort` parameter within the admin panel functionality. An attacker can leverage this to execute arbitrary JavaScript code in a victim’s browser by crafting a malicious URL. Recommendations: QuickCMS version 6.8: Address the issue by sanitizing user input for the `sSort` parameter to prevent the injection of malicious scripts.

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS is susceptible to Reflected Cross-Site Scripting (XSS) via the `sLangEdit` parameter within the admin panel functionality. An attacker can create a malicious URL that, when accessed, can execute arbitrary JavaScript code in a victim’s browser. Recommendations: Update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS is susceptible to a Stored Cross-Site Scripting (XSS) issue through the `aDirFilesDescriptions` parameter within the files editor functionality. An attacker with administrative privileges can inject arbitrary HTML and JavaScript code into the website. This injected code will be rendered and executed when a user visits the modified page. By default, the administrative user is restricted from adding JavaScript to the website. Recommendations: Update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS is susceptible to a Cross-Site Request Forgery (CSRF) issue in the page deletion functionality. A malicious actor can create a crafted website that, when visited by an administrator, automatically sends a POST request to delete an article. The vendor was notified of this issue but did not provide details regarding vulnerable version ranges. Recommendations: Apply any available updates or patches for QuickCMS version 6.8 to address the CSRF issue in the page deletion functionality.