Neos CMS · CVE-2022-30429
**Name of the Vulnerable Software and Affected Versions**
Neos CMS versions 3.3.29 through 8.0.1
**Description**
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title.
**Recommendations**
For versions 3.3.29 through 8.0.1, consider disabling the editor function, asset deletion, and workspace title editing for users with the editor role or higher until a patch is available.
Restrict access to the editor function, asset deletion, and workspace title editing to minimize the risk of exploitation.
Avoid using the affected features (the editor function, asset deletion, and workspace title editing) until the issue is resolved.