Testvul

**Name of the Vulnerable Software and Affected Versions** CSZCMS version 1.3.0 **Description** A critical issue was found in the File Manager Page component, specifically in the `viewstemplates` file, leading to permission issues. The attack can be launched remotely. The issue has been publicly disclosed. **Recommendations** For CSZCMS version 1.3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CSZCMS version 1.3.0 **Description** A problematic issue has been found, affecting the Site Settings Page component, specifically the /admin/settings/ part of the file. The manipulation of the `Additional Meta Tag` argument with the input `<svg><animate onbegin=alert(1) attributeName=x dur=1s>` leads to cross-site scripting. This issue can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** For CSZCMS version 1.3.0, as a temporary workaround, consider restricting access to the `Site Settings Page` component, specifically the `/admin/settings/` endpoint, to minimize the risk of exploitation. Avoid using the `Additional Meta Tag` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GetSimpleCMS versions 3.3.16 through 3.4.0a **Description** A critical issue affects the processing of the file /admin/theme-edit.php, leading to code injection. The attack can be initiated remotely. **Recommendations** For versions 3.3.16 through 3.4.0a, consider restricting access to the /admin/theme-edit.php file until a patch is available. As a temporary workaround, avoid using the `theme-edit.php` file in the /admin directory to minimize the risk of exploitation.