X1Ngbox

**Name of the Vulnerable Software and Affected Versions** lucidCMS version 1.0.11 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the query string in index.php. **Recommendations** For lucidCMS version 1.0.11, update to a version that fixes this issue, as using outdated software can pose significant security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple version 0.10 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `page` parameter in the `index.php` file. This could lead to unauthorized actions on the affected system. **Recommendations** For CMS Made Simple version 0.10, consider disabling the `index.php` file or restricting access to it until a patch is available. Avoid using the `page` parameter in the affected API endpoint until the issue is resolved.