
Smitocaru

Rank #16995 of 53,630
Total CVSS: 15.8
Vulnerabilities: 2 (High: 2)
PT-2026-39138 · CVSS 8.7 · 2026-05-08
Brave Cms · Brave Cms · CVE-2026-41524
**Name of the Vulnerable Software and Affected Versions** Brave CMS versions prior to commit 6c56603

**Description** Page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and rendered with Laravel Blade's unescaped output directive `{!! !!}`. A user with the editor role can therefore inject arbitrary HTML or JavaScript into a page or article; the payload is persisted (stored XSS) and executes in the browser of every visitor who loads that page.

**Recommendations** Update to the version containing commit 6c56603.
PT-2026-39140 · CVSS 7.1 · 2026-05-08
Brave Cms · Brave Cms · CVE-2026-41576
**Name of the Vulnerable Software and Affected Versions** Brave CMS versions prior to commit 6c56603

**Description** The contact form is publicly accessible without authentication. The user-supplied message text is passed through `nl2br()`, which inserts `<br>` tags before newlines but does not escape HTML, and the result is rendered in a Blade email template with the unescaped `{!! $msg !!}` directive. Arbitrary markup can therefore be injected into the body of the email. Although modern email clients generally block JavaScript, they still render HTML, so an unauthenticated attacker can build a phishing interface (such as a link styled as a system notice) inside the emails delivered to administrators.

**Recommendations** Update to the version containing commit 6c56603.
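Both findings share one root cause: user-controlled text reaching a Blade `{!! !!}` directive. The PHP below is an added example, not Brave CMS code and not the change made in commit 6c56603; it shows the two output paths with a hardened counterpart for each. The contact-form case only needs escaping before `nl2br()` (which is what Blade's `{{ }}` does via `e()`). The CKEditor case must still emit HTML, so switching to `{{ }}` would break the editor; the hardened form instead runs the stored body through a small allowlist sanitiser. The payloads, function names and the tag/attribute allowlist are assumptions made for this example.

```php
<?php
// Added example, not Brave CMS code. Two output paths from the advisories
// above, each in vulnerable and hardened form. Inputs are constructed.

// Constructed payloads (not taken from the advisory):
$contactMsg  = "Hello,\n<a href=\"https://example.invalid/login\">Re-enter your password</a>";
$articleBody = '<p>Intro</p><img src=x onerror="alert(1)">'
             . '<a href="javascript:alert(2)">click</a><script>alert(3)</script>';

// --- Contact form (CVE-2026-41576 pattern) ---------------------------------
// Vulnerable: nl2br() keeps the markup, and {!! $msg !!} prints it raw.
function renderContactVulnerable(string $msg): string {
    return nl2br($msg);                       // same as {!! nl2br($msg) !!}
}

// Hardened: escape first, then convert newlines. Blade's {{ }} calls e(),
// which is htmlspecialchars() with ENT_QUOTES. Order matters: escaping after
// nl2br() would neutralise the <br> tags as well.
function renderContactSafe(string $msg): string {
    return nl2br(htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// --- Rich-text body (CVE-2026-41524 pattern) -------------------------------
// Vulnerable: {!! $body !!} on the stored CKEditor output. Escaping is not an
// option here because the body is meant to be HTML, so sanitise instead.
// Hypothetical allowlist; a real deployment would tune it to the editor config.
function sanitizeRichText(string $html): string {
    $allowedTags  = ['p', 'br', 'strong', 'em', 'b', 'i', 'ul', 'ol', 'li', 'a', 'h2', 'h3', 'blockquote'];
    $allowedAttrs = ['a' => ['href']];

    $doc = new DOMDocument();
    // The <?xml ...> prefix makes libxml treat the fragment as UTF-8; errors
    // from sloppy editor output are suppressed rather than fatal.
    $ok   = @$doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    $body = $doc->getElementsByTagName('body')->item(0);
    if (!$ok || $body === null) {
        return '';
    }
    sanitizeNode($body, $allowedTags, $allowedAttrs);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);       // re-serialises text with entities
    }
    return $out;
}

function sanitizeNode(DOMNode $node, array $allowedTags, array $allowedAttrs): void {
    // Iterate over a copy: the loop body removes and moves children.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child->nodeType === XML_ELEMENT_NODE) {
            $tag = strtolower($child->nodeName);
            if (in_array($tag, ['script', 'style', 'iframe', 'object', 'embed'], true)) {
                $node->removeChild($child);   // drop these with their content
                continue;
            }
            if (!in_array($tag, $allowedTags, true)) {
                // Unknown element (img, div, span, ...): keep sanitised children, drop the tag.
                sanitizeNode($child, $allowedTags, $allowedAttrs);
                while ($child->firstChild) {
                    $node->insertBefore($child->firstChild, $child);
                }
                $node->removeChild($child);
                continue;
            }
            // Allowed element: strip every attribute not on the allowlist (this
            // removes all on* handlers) and only keep http(s) or root-relative hrefs,
            // so javascript: and protocol-relative URLs cannot survive. The DOM has
            // already decoded entities, so "java&#x09;script:" is caught too.
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name = strtolower($attr->name);
                $keep = in_array($name, $allowedAttrs[$tag] ?? [], true);
                if ($keep && $name === 'href') {
                    $keep = (bool) preg_match('#^(https?://|/(?!/))#i', trim($attr->value));
                }
                if (!$keep) {
                    $child->removeAttribute($attr->name);
                }
            }
            sanitizeNode($child, $allowedTags, $allowedAttrs);
        } elseif ($child->nodeType !== XML_TEXT_NODE) {
            $node->removeChild($child);       // comments and processing instructions
        }
    }
}

// --- Demo on the constructed inputs ---------------------------------------
echo "Contact form, vulnerable:\n", renderContactVulnerable($contactMsg), "\n\n";
echo "Contact form, hardened:\n",   renderContactSafe($contactMsg), "\n\n";
echo "Rich text, vulnerable ({!! \$body !!}):\n", $articleBody, "\n\n";
echo "Rich text, sanitised:\n",     sanitizeRichText($articleBody), "\n";
```

Run with `php example.php`. The hardened contact output keeps the `<br />` tags but turns the injected anchor into literal `&lt;a href=...&gt;` text; the sanitised article body keeps `<p>Intro</p>` and the link text, while the `img` with its `onerror`, the `javascript:` href and the `script` element are gone. Note that `DOMDocument` uses libxml's HTML 4 parser, whose error recovery differs from a browser's, so for production an established sanitiser such as HTML Purifier is the safer choice over a hand-rolled allowlist; whichever is used, the template should render the sanitised value and never trust the stored body.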