Zephyrdassouli

**Name of the Vulnerable Software and Affected Versions** FearlessCMS version 0.0.2-15 **Description** A Cross Site Scripting issue exists in FearlessCMS. This allows a remote attacker to potentially obtain sensitive information through the `login.php` component. The `login.php` component is the point of exploitation. **Recommendations** Update FearlessCMS to a version that addresses this issue. As a temporary workaround, consider restricting access to the `login.php` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FearlessCMS version 0.0.2-15 **Description** A directory traversal issue exists in FearlessCMS version 0.0.2-15. This allows a remote attacker to potentially cause a denial of service by exploiting the `plugin-handler.php` file and the `deleteDirectory` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FearlessCMS version 0.0.2-15 **Description** A directory traversal issue exists in FearlessCMS. A remote attacker can potentially cause a denial of service by exploiting the `plugin-handler.php` file in conjunction with the `file get contents()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.