Passtion

**Name of the Vulnerable Software and Affected Versions** FineCMS versions prior to 2017-07-06 **Description** The issue allows for XSS in the `key name`, `key value`, and `meaning` parameters within the application/core/controller/config.php file. **Recommendations** For versions prior to 2017-07-06, update to a version released after 2017-07-06 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FineCMS versions prior to 2017-07-06 **Description** The issue is related to Server-Side Request Forgery (SSRF) in the application/lib/ajax/get image data.php file. It occurs when requests are made for non-image files with a modified HTTP Host header. **Recommendations** For versions prior to 2017-07-06, update to a version released after 2017-07-06 to resolve the issue.