Shufenshui

**Name of the Vulnerable Software and Affected Versions** PHPEMS version 11.0 **Description** A cross site scripting issue exists in PHPEMS version 11.0. The issue is related to a function within the `/index.php?ask=app-ask` file. Manipulating the `askcontent` parameter can lead to the execution of cross site scripting attacks. The exploit is publicly available and may be used remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.