Wcms · Wcms · CVE-2012-6523
**Name of the Vulnerable Software and Affected Versions**
w-CMS version 2.01
**Description**
The issue is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML. The injection points are the `p` parameter handled by the `getMenus` function in `codes/wcms.php` and the `COMMENT` parameter in `blog.php`, `guestbook.php`, or `forum.php` in `codes/`.
**Recommendations**
For w-CMS version 2.01, consider disabling the `getMenus` function in `codes/wcms.php` and restricting access to the `COMMENT` parameter in `blog.php`, `guestbook.php`, and `forum.php` until a patch is available. Avoid using the `p` and `COMMENT` parameters in the affected files to minimize the risk of exploitation.
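
One way to restrict the `p` and `COMMENT` parameters in front of the application, as an added example that is not w-CMS code: a request check that a filtering proxy or middleware could call before forwarding to the site. The function names, the character rules, and checking `p` on every path are assumptions, since the advisory does not state which entry script receives `p`.

```python
import posixpath
from urllib.parse import parse_qs, urlsplit

# Scripts under codes/ that the advisory lists for the COMMENT parameter.
COMMENT_SCRIPTS = {"blog.php", "guestbook.php", "forum.php"}

# Assumption: p is a short page identifier, so quotes are rejected as well.
P_FORBIDDEN = set("<>\"'")
# Assumption: comments may contain quotes, so only angle brackets are rejected.
COMMENT_FORBIDDEN = set("<>")


def _values(name, query, form):
    """All decoded values of a parameter from the query string and form body."""
    return query.get(name, []) + form.get(name, [])


def inspect_request(url, body=""):
    """Return the sorted names of affected parameters that carry markup."""
    parts = urlsplit(url)
    # parse_qs percent-decodes, so an encoded %3C is compared as "<".
    query = parse_qs(parts.query, keep_blank_values=True)
    form = parse_qs(body, keep_blank_values=True)
    flagged = set()

    # The page does not say which entry script passes p to getMenus,
    # so p is checked on every path (assumption).
    if any(P_FORBIDDEN & set(v) for v in _values("p", query, form)):
        flagged.add("p")

    directory, script = posixpath.split(parts.path)
    if posixpath.basename(directory) == "codes" and script in COMMENT_SCRIPTS:
        if any(COMMENT_FORBIDDEN & set(v)
               for v in _values("COMMENT", query, form)):
            flagged.add("COMMENT")
    return sorted(flagged)


if __name__ == "__main__":
    # Constructed sample requests, not taken from real traffic.
    samples = [
        ("/index.php?p=home", ""),
        ("/index.php?p=%3Cb%3Ex", ""),
        ("/codes/guestbook.php", "COMMENT=hello+it%27s+me"),
        ("/codes/blog.php", "COMMENT=%3Cscript%3Ex"),
    ]
    for url, body in samples:
        print(url, inspect_request(url, body) or "allow")
```

A caller rejects the request when the returned list is non-empty. This is a stopgap in the spirit of the recommendation above; it does not replace HTML-encoding the values where the application writes them into a page.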