Splint3Rsec

**Name of the Vulnerable Software and Affected Versions** CMSuno version 1.7 **Description** The issue concerns an authenticated stored cross-site scripting vulnerability. It occurs when modifying the `filename` parameter, specifically the `tgo` variable, while updating the theme. **Recommendations** For CMSuno version 1.7, avoid using the `tgo` variable in the filename parameter when updating the theme until a fix is available. Consider restricting access to theme updates to minimize the risk of exploitation.