Mm0X00

**Name of the Vulnerable Software and Affected Versions** KiteCMS version 1.1 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the `comment` parameter. **Recommendations** For KiteCMS version 1.1, avoid using the `comment` parameter until a fix is available. As a temporary workaround, consider restricting access to the comment functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KiteCMS version 1.1 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the `registering user` parameter. This enables the attacker to perform unauthorized actions on the system. **Recommendations** For KiteCMS version 1.1, as a temporary workaround, consider restricting access to the user registration functionality until a patch is available. Avoid using the `registering user` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.