Xmirandax

**Name of the Vulnerable Software and Affected Versions** Gila CMS version 1.10.9 **Description** A problematic issue was found in Gila CMS, affecting an unknown part of the file `/cm/update rows/page?id=2` within the HTTP POST Request Handler component. The manipulation of the `content` argument leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For Gila CMS version 1.10.9, patch immediately and validate user input to mitigate the risk of malicious script execution. As a temporary workaround, consider restricting access to the `/cm/update rows/page?id=2` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bolt CMS version 3.7.1 **Description** A vulnerability was found in the Entry Preview Handler component, affecting the processing of the file /preview/page. The manipulation of the `body` argument leads to cross-site scripting. The attack can be initiated remotely. This issue only affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling the Entry Preview Handler component until a patch is available. Restrict access to the /preview/page file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bolt CMS version 3.7.1 **Description** A problematic vulnerability has been found in the Showcase Creation Handler component, affecting an unknown function of the file /bolt/editcontent/showcases. The manipulation of the `textarea` argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer, and the vendor has confirmed that the affected release tree is end-of-life. **Recommendations** As a temporary workaround, consider disabling the unknown function of the file /bolt/editcontent/showcases until a patch is available. Restrict access to the Showcase Creation Handler component to minimize the risk of exploitation. Avoid using the `textarea` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.