CVE-2014-9433
Contenido CMS contains multiple XSS vulnerabilities in cms/front_content.php up to version 4.9.6, exploitable when advanced mod rewrite (AMR) is disabled. An attacker can inject arbitrary script via the idart, lang, or idcat parameters. OpenVAS notes a VendorFix remediation (Content release 4.9.6).