CVE-2020-23376
NoneCMS v1.3 is affected by a CSRF vulnerability in the endpoint public/index.php/admin/nav/add.html. The issue allows an attacker to inject arbitrary web script or HTML via the name parameter, enabling a potential stored XSS attack. The vulnerability is documented across multiple sources (e.g., ...