Ya0-Z

Name of the Vulnerable Software and Affected Versions: NotesCMS versions prior to commit 95322c5121dbd7070f3bd54f2848079654a0a8ea Description: A vulnerability exists in NotesCMS, specifically within the `/index.php?route=notes` page. Manipulation of the title of service descriptions leads to a stored cross-site scripting (XSS) issue. The vulnerability was confirmed to be present as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08). The attack can be launched remotely. Recommendations: Update NotesCMS to commit 95322c5121dbd7070f3bd54f2848079654a0a8ea or a later version to resolve this issue.

Name of the Vulnerable Software and Affected Versions: NotesCMS versions prior to commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31) Description: A stored cross-site scripting (XSS) vulnerability exists in NotesCMS. The vulnerability is located on the `/index.php?route=categories` page and occurs due to the manipulation of the title of service descriptions. This allows for remote attacks. Recommendations: Update NotesCMS to commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31) or later.

Name of the Vulnerable Software and Affected Versions: NotesCMS versions prior to commit 95322c5121db7070f3bd54f2848079654a0a8ea (dated 2025-03-31) Description: A stored cross-site scripting (XSS) vulnerability exists due to the manipulation of the title of service descriptions. The vulnerability is present on the `/index.php?route=sites` page. The issue was confirmed as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08). Recommendations: Update NotesCMS to commit 95322c5121db7070f3bd54f2848079654a0a8ea (dated 2025-03-31) or a later version to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Cotonti Siena version 0.9.25 **Description** A vulnerability has been found in Cotonti Siena. The issue affects the file "/admin.php?m=config&n=edit&o=core&p=title". The manipulation of the value of `title` leads to cross-site scripting. **Recommendations** For Cotonti Siena version 0.9.25, as a temporary workaround, consider restricting access to the "/admin.php?m=config&n=edit&o=core&p=title" endpoint to minimize the risk of exploitation. Avoid using the `title` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.