CVE-2025-67349

Name of the Vulnerable Software and Affected Versions FluentCMS version 1.2.3

Description The application does not properly sanitize input in the <head> section, which can allow remote attackers to inject arbitrary script tags. This issue was identified after logging in as an administrator and navigating to the "Add Page" function. The issue is a cross-site scripting (XSS) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.