Shadoweb

**Name of the Vulnerable Software and Affected Versions** WDJA CMS version 1.5 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks. This is achieved through a cross-site request forgery (CSRF) in the admin/global/manage.php file via the `tongji` parameter. **Recommendations** For WDJA CMS version 1.5, consider restricting access to the `admin/global/manage.php` file until a patch is available, and avoid using the `tongji` parameter in this context to minimize the risk of exploitation.