Jcow ≫ Jcow Cms

A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.

A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.