u5cms · CVE-2022-32442
**Name of the Vulnerable Software and Affected Versions**
u5cms version 8.3.5
**Description**
The issue allows cross-site scripting (XSS) when a user accesses the default home page with a specific parameter. The parameter `Onmouseover` can be used to inject HTML code into the page; because `onmouseover` is an HTML event-handler attribute, markup injected this way can run script in the visitor's browser. For example, passing `http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad="` causes HTML injection.
**Recommendations**
For u5cms version 8.3.5, consider disabling access to the default home page or restricting the use of the `Onmouseover` parameter in the affected endpoint until a patch is available.
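
A log check for the request shape described above, added here as an example and not part of the original advisory or of u5cms: it flags query strings in which a quote is followed by an `on*` handler assignment, or whose parameter name is an event handler. The log lines, the parameter names `c` and `l`, and the handler list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed access-log lines (documentation IPs); `c`/`l` are assumed parameter names.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2022:10:00:01 +0000] "GET /?c=home&l=en HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jun/2022:10:00:07 +0000] "GET /?%22Onmouseover=%27x(1)%27bad=%22 HTTP/1.1" 200 5187',
    '198.51.100.7 - - [10/Jun/2022:10:01:12 +0000] "GET /?%2522onmouseover=1 HTTP/1.1" 200 5150',
    '203.0.113.5 - - [10/Jun/2022:10:02:30 +0000] "GET /?online=1 HTTP/1.1" 200 5120',
    '198.51.100.8 - - [10/Jun/2022:10:03:44 +0000] "GET /?OnMouseOver=1 HTTP/1.1" 200 5133',
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# A quote that closes an attribute value, followed by an on* handler assignment.
BREAKOUT = re.compile(r'''["'][\s/]*on[a-z]+\s*=''', re.I)
SAFE_NAME = re.compile(r'^[A-Za-z0-9_.\[\]-]*$')
# Assumed short list; exact names avoid flagging parameters such as "online".
HANDLERS = {"onmouseover", "onclick", "onerror", "onload", "onfocus"}

def decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded quotes are still seen."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def suspicious_query(target):
    """Return the reason a request target looks like attribute injection, else None."""
    query = urlsplit(target).query
    if BREAKOUT.search(decode(query)):
        return "quote followed by on* handler"
    for pair in filter(None, query.split("&")):
        name = decode(pair.split("=", 1)[0]).strip()
        if name.lower() in HANDLERS:
            return "event-handler parameter name"
        if not SAFE_NAME.match(name):
            return "unexpected characters in parameter name"
    return None

def scan(lines):
    """Return (client, target, reason) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        reason = suspicious_query(match.group(1)) if match else None
        if reason:
            hits.append((line.split()[0], match.group(1), reason))
    return hits
```

`scan(SAMPLE_LOG)` returns the three flagged requests; the same `suspicious_query` check can back a temporary request filter in front of the home page.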