Libiemeo

**Name of the Vulnerable Software and Affected Versions** SEMCMS version 3.5 **Description** The issue allows for XSS via the first text box to the "SEMCMS Main.php" URI. **Recommendations** For SEMCMS version 3.5, update to a version that fixes this issue, or as a temporary workaround, consider restricting access to the SEMCMS Main.php URI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WUZHI CMS version 4.1.0 **Description** An issue was discovered in WUZHI CMS, where there is stored XSS in "index.php?m=core&f=index" via an `ontoggle` attribute to `details/open/` within a second input field. **Recommendations** For WUZHI CMS version 4.1.0, consider disabling the `ontoggle` attribute in the "index.php?m=core&f=index" endpoint to minimize the risk of exploitation. Avoid using the `details/open/` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WUZHI CMS version 4.1.0 **Description** A stored XSS issue was discovered in the index.php file, specifically via the seventh input field when accessing the core index module, at the endpoint "index.php?m=core&f=index". **Recommendations** For WUZHI CMS version 4.1.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.5 **Description** A cross-site scripting (XSS) issue was found in the "admin/content/editcontent?id=29&gopage=1" endpoint. This issue allows for potential malicious script execution. **Recommendations** For YUNUCMS version 1.1.5, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the "admin/content/editcontent" endpoint to minimize the risk of exploitation. Avoid using the `id` and `gopage` parameters in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.5 **Description** A cross-site scripting (XSS) issue was found in the "index.php/admin/area/editarea/id/110000" endpoint. This issue allows for potential malicious script execution. **Recommendations** For YUNUCMS version 1.1.5, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the "index.php/admin/area/editarea/id/110000" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.5 **Description** A cross-site scripting (XSS) issue was found. The issue is related to the "admin/banner/editbanner?id=20" API endpoint. **Recommendations** For YUNUCMS version 1.1.5, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.5 **Description** A cross-site scripting (XSS) issue was found in the "admin/sitelink/editsitelink?id=16" endpoint. **Recommendations** For YUNUCMS version 1.1.5, consider restricting access to the "admin/sitelink/editsitelink?id=16" endpoint until a fix is available.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.5 **Description** A cross-site scripting (XSS) issue was found in the "index.php/admin/category/editcategory?id=73" API endpoint. This issue affects the ability to securely manage categories. **Recommendations** For YUNUCMS version 1.1.5, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the "index.php/admin/category/editcategory?id=73" endpoint until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.5 **Description** A cross-site scripting (XSS) issue was found in the index.php/admin/system/basic endpoint of YUNUCMS. **Recommendations** For YUNUCMS version 1.1.5, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.5 **Description** A cross-site scripting (XSS) issue was found in the "admin/link/editlink?id=5" endpoint. This issue allows for potential malicious script injection. **Recommendations** For YUNUCMS version 1.1.5, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the "admin/link/editlink?id=5" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** YUNUCMS version 1.1.4 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `area` parameter in the "index.php/index/category/index" API endpoint. **Recommendations** For YUNUCMS version 1.1.4, as a temporary workaround, consider restricting access to the "index.php/index/category/index" endpoint until a patch is available. Avoid using the `area` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.