Ricck

**Name of the Vulnerable Software and Affected Versions** Willow CMS versions prior to 1.4.1 **Description** A security flaw exists in Willow CMS that allows for cross site scripting. The issue is related to the processing of the file '/admin/articles/add' within the Add Post Page component. Manipulation of the `title` or `body` argument can trigger the flaw. The attack can be launched remotely and the exploit has been publicly released. **Recommendations** Update Willow CMS to version 1.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** Willow CMS versions prior to 1.4.1 **Description** A flaw exists in Willow CMS that allows for unrestricted file uploads. This issue is present in a file located at `/admin/images/add` and involves an unknown function. Remote attackers can exploit this to upload arbitrary files. The exploit code has been publicly released. **Recommendations** Update Willow CMS to version 1.4.1 or later. As a temporary workaround, restrict access to the `/admin/images/add` file.