Luuthehienhbit

**Name of the Vulnerable Software and Affected Versions** LavaLite CMS version 5.8.0 **Description** A Cross Site Scripting (XSS) issue exists in the Menu Blocks feature of LavaLite CMS, which can be bypassed by using HTML event handlers, such as `ontoggle`. This allows for potential malicious script execution. **Recommendations** For LavaLite CMS version 5.8.0, consider disabling the Menu Blocks feature until a patch is available to prevent exploitation of the XSS issue. Restrict access to the Menu Blocks feature to minimize the risk of malicious script execution. Avoid using HTML event handlers, such as `ontoggle`, in the Menu Blocks feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Evolution CMS version 2.0.2 **Description** The issue is a Cross Site Scripting (XSS) vulnerability via the Document Manager feature. This allows for malicious scripts to be injected into the website, potentially leading to unauthorized access or control. **Recommendations** For Evolution CMS version 2.0.2, update to a newer version that contains a fix for this issue, as using the Document Manager feature in this version poses a security risk. As a temporary workaround, consider restricting access to the Document Manager feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Textpattern CMS version 4.8.1 **Description** The issue is a Cross Site Scripting (XSS) vulnerability. It occurs via Custom fields in the Menu Preferences feature. **Recommendations** For Textpattern CMS version 4.8.1, update to a version that fixes this issue. As a temporary workaround, consider restricting access to Custom fields in the Menu Preferences feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple version 2.2.14 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the Logic field in the Content Manager feature. **Recommendations** For CMS Made Simple version 2.2.14, update to a version that fixes this issue, as the current version is affected by the Cross Site Scripting vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple version 2.2.14 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the "Extra" feature via the 'News > Article' feature. **Recommendations** For CMS Made Simple version 2.2.14, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NavigateCMS version 2.9 **Description** A Cross Site Scripting (XSS) issue exists when performing a Create or Edit action via the Tools feature. This allows for potential malicious script execution. **Recommendations** For NavigateCMS version 2.9, consider disabling the Tools feature temporarily until a patch is available to prevent exploitation of the XSS issue.

**Name of the Vulnerable Software and Affected Versions** NavigateCMS version 2.9 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the `name="wrong path redirect"` feature. **Recommendations** For NavigateCMS version 2.9, consider disabling the `wrong path redirect` feature until a patch is available. Restrict access to this feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NavigateCMS version 2.9 **Description** The issue is related to a SQL Injection vulnerability. It occurs via the URL encoded GET input `category` in the `navigate.php` file. **Recommendations** For NavigateCMS version 2.9, consider restricting access to the `navigate.php` file until a patch is available. As a temporary workaround, avoid using the `category` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.