Sanluan

**Name of the Vulnerable Software and Affected Versions** PublicCMS version 5.202506.b **Description** PublicCMS version 5.202506.b has a Cross Site Scripting (XSS) issue in the Content Search module. The issue allows for the injection of malicious scripts through the Content Search functionality. The vulnerable component is the Content Search module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sanluan PublicCMS version 5.202406.d **Description** A vulnerability has been found in the Tag Type Handler component, affecting the file /admin/cmsTagType/save. The manipulation of the `name` argument leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Sanluan PublicCMS version 5.202406.d, update to the latest patch to mitigate risks. As a temporary workaround, consider restricting access to the /admin/cmsTagType/save file until a patch is available. Avoid manipulating the `name` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sanluan PublicCMS (affected versions not specified) **Description** A vulnerability was found in sanluan PublicCMS, affecting the function `initLink` of the file `dwz.min.js` of the component Tab Handler. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely. **Recommendations** To fix this issue, it is recommended to apply a patch with the name `a972dc9b1c94aea2d84478bf26283904c21e4ca2`. As a temporary workaround, consider disabling the `initLink` function until a patch is available. Restrict access to the `dwz.min.js` file to minimize the risk of exploitation.