Tadjmeno

**Name of the Vulnerable Software and Affected Versions** CSZ CMS version 1.2.9 **Description** The issue is a cross-site scripting (XSS) vulnerability that affects multiple pages of the software through the `field name`. This allows for potential malicious script injection. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For CSZ CMS version 1.2.9, as a temporary workaround, consider restricting access to the vulnerable pages until a patch is available. Avoid using the `field name` in the affected pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Batflat CMS version 1.3.6 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `field name` variable, potentially leading to cross-site scripting (XSS) attacks. This could enable attackers to execute malicious scripts on the victim's browser. **Recommendations** For Batflat CMS version 1.3.6, update to a version that fixes the XSS vulnerability in Galleries, ensuring that user input in the `field name` is properly sanitized to prevent code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Batflat CMS version 1.3.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the `field name` variable, which can lead to cross-site scripting (XSS) attacks. Recommendations: For Batflat CMS version 1.3.6, update to a version that fixes this issue, as using the current version may pose a security risk due to the possibility of XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Batflat CMS version 1.3.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the `field name` variable, potentially leading to cross-site scripting (XSS) attacks. This could enable attackers to execute malicious scripts on the victim's browser. Recommendations: For Batflat CMS version 1.3.6, update to a version that fixes this issue, as using the current version may pose a security risk due to the possibility of XSS attacks via the `field name` variable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.