
Ravinder Verma

#49977 of 53,635
4.8 Total CVSS
Vulnerabilities · 1
PT-2022-11469
4.8
2022-09-16
Unknown · Mysql Server · CVE-2021-41731
**Name of the Vulnerable Software and Affected Versions**

Sourcecodester News247 News Magazine (CMS) versions 5.6 and higher of PHP, and versions 5.7 and higher of MySQL

**Description**

A Cross Site Scripting (XSS) issue exists via the blog category name field. This allows for potential malicious script execution.

**Recommendations**

For PHP versions 5.6 and higher, and MySQL versions 5.7 and higher, consider validating and sanitizing user input in the blog category name field to prevent XSS attacks. As a temporary workaround, consider restricting access to the blog category name field until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.