Intelliants · Intelliants Subrion CMS · CVE-2022-43121
**Name of the Vulnerable Software and Affected Versions**
Intelliants Subrion CMS version 4.2.1
**Description**
A cross-site scripting (XSS) issue in the CMS Field Add page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. This enables attackers to potentially steal user data or take control of user sessions.
**Recommendations**
For Intelliants Subrion CMS version 4.2.1, consider removing or restricting the ability to inject content into the tooltip text field until a patch is available. As a temporary workaround, restrict access to the CMS Field Add page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
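
One way to restrict what the tooltip text field can carry, as an added example that is not Subrion's own code: the tooltip is reduced to plain text on input and HTML-encoded on output. The function names are hypothetical, and rendering the tooltip in a double-quoted `title` attribute is an assumption, since the advisory does not show the affected template.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; Subrion's real field-handling code is not shown in the advisory.

/** Input-side restriction: reduce a submitted tooltip to bounded plain text. */
function normalize_tooltip(string $raw, int $maxLen = 255): string
{
    // Reject invalid UTF-8 outright instead of passing it on to the encoder.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return '';
    }
    $text = strip_tags($raw);                                       // tooltips carry no markup
    $text = preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $text) ?? '';  // control chars become spaces
    return mb_substr(trim($text), 0, $maxLen, 'UTF-8');
}

/** Output-side encoding: safe in element content and in quoted attributes. */
function e(string $value): string
{
    // ENT_QUOTES matters here: without it a single quote can close a single-quoted attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Assumed rendering: field title as label text, tooltip in a quoted title attribute. */
function render_field_label(string $title, string $tooltip): string
{
    return sprintf('<label title="%s">%s</label>', e($tooltip), e($title));
}

// Constructed sample inputs, not taken from the advisory.
$samples = [
    'Enter your full name',
    '" onmouseover="alert(1)',
    '<script>alert(1)</script>Name',
];

foreach ($samples as $raw) {
    // Encoding alone keeps stored markup inert even if the input filter is bypassed.
    echo render_field_label('Name', $raw), PHP_EOL;
    // Input restriction applied before storage as a second layer.
    echo render_field_label('Name', normalize_tooltip($raw)), PHP_EOL;
}
```

Output encoding is the control that actually neutralizes the payload; the input filter only limits what gets stored, so values already saved before it was added still need the encoded rendering.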