Xmttz

**Name of the Vulnerable Software and Affected Versions** westboy CicadasCMS versions prior to 2431154dac8d0735e04f1fd2a3c3556668fc8dab **Description** A cross site scripting issue exists in westboy CicadasCMS. The affected component is the Template Management Page, specifically the `Save` function within the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java. This allows for remote exploitation and the exploit has been publicly disclosed. **Recommendations** Update westboy CicadasCMS to a version later than 2431154dac8d0735e04f1fd2a3c3556668fc8dab.

**Name of the Vulnerable Software and Affected Versions** westboy CicadasCMS version 1.0 **Description** A cross site scripting issue exists in an unknown functionality of the file `/system/cms/category/save`. The manipulation of the `categoryName` argument can lead to the execution of remote scripts. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** westboy CicadasCMS version 1.0 **Description** A flaw exists in westboy CicadasCMS version 1.0 related to the Add Department Handler component. The issue stems from manipulating the `Name` argument within the `/system/org/save` file, leading to cross site scripting. This manipulation can be carried out remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.