Ritesh Kumar

**Name of the Vulnerable Software and Affected Versions** feindura version 2.0.7 **Description** The issue allows for XSS via the `tags` field of a new page created at "index.php?category=0&page=new". **Recommendations** For feindura version 2.0.7, consider restricting access to the `tags` field in the new page creation process at "index.php?category=0&page=new" until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Pluck version 4.7.7 **Description** The issue allows for XSS (Cross-Site Scripting) attacks via an SVG file containing Javascript in a SCRIPT element. This file can be uploaded through the 'pages->manage' section under the 'admin.php?action=files' endpoint. **Recommendations** For Pluck version 4.7.7, consider restricting access to the file upload functionality under 'admin.php?action=files' to minimize the risk of exploitation. As a temporary workaround, avoid using the file upload feature in the 'pages->manage' section until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GetSimple CMS version 3.3.14 **Description** The issue is related to a Cross-Site Scripting (XSS) problem. It occurs in the `admin/edit.php` file, specifically through the "Add New Page" field. **Recommendations** For GetSimple CMS version 3.3.14, update to a newer version that contains a fix for this issue.