Product
NukeViet CMS version 4.5.08 and earlier is vulnerable to stored cross-site scripting (XSS) via insufficient server-side input sanitization in the Request class, allowing attackers to inject malicious payloads that can lead to session hijacking, defacement, and phishing attacks.