Translucid · Translucid · CVE-2009-2145
**Name of the Vulnerable Software and Affected Versions**
transLucid version 1.75
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the `NodeID` and `action` parameters to the default URI, and the `NodeID` parameter to the default URI for the admin section. Additionally, remote authenticated users can inject arbitrary web script or HTML via the `Title` (aka page name) and `Url` fields in a new or modified page.
**Recommendations**
For transLucid version 1.75, consider disabling the `NodeID` and `action` parameters to the default URI, and the `NodeID` parameter to the default URI for the admin section, until a patch is available. Also, restrict access to the `Title` and `Url` fields in new or modified pages to minimize the risk of exploitation.
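
Where switching the parameters off outright is not practical, the same interim goal can be met by accepting only values that cannot carry markup. The sketch below is an added example, not transLucid's code or the advisory's: it checks `NodeID` and `action` in a filter placed in front of the application, and validates and encodes `Title` and `Url` before they are rendered. The numeric `NodeID` format, the `action` allow-list and the function names are assumptions.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Assumptions, not from the advisory: NodeID is numeric and action comes
# from a short list of names. Replace both with the application's real values.
NODE_ID_RE = re.compile(r"[0-9]{1,10}")
ALLOWED_ACTIONS = {"view", "edit", "delete"}  # hypothetical names
SAFE_URL_SCHEMES = {"", "http", "https"}  # "" means a relative link


def check_query(query_string):
    """Return reasons to reject a request; an empty list means it passes."""
    problems = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        key = name.lower()  # match parameter names case-insensitively
        if key == "nodeid" and not NODE_ID_RE.fullmatch(value):
            problems.append("NodeID is not numeric")
        elif key == "action" and value not in ALLOWED_ACTIONS:
            problems.append("action is not in the allow-list")
    return problems


def clean_page_fields(title, url):
    """Return (title, url) safe for HTML text and a quoted href attribute.

    Raises ValueError if Url could carry script (javascript:, data:, ...).
    """
    candidate = url.strip()
    # Browsers drop tabs and newlines inside a scheme, so reject them outright.
    if re.search(r"[\x00-\x20]", candidate):
        raise ValueError("Url contains whitespace or control characters")
    if urlsplit(candidate).scheme.lower() not in SAFE_URL_SCHEMES:
        raise ValueError("Url scheme is not allowed")
    return html.escape(title, quote=True), html.escape(candidate, quote=True)
```

Requests for which `check_query` returns a non-empty list should be refused with an error page that does not echo the rejected value.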