u5CMS: Session Forgery, Privilege Escalation, and RCE
A static SAML nonce in u5CMS allowed any authenticated user to forge sessions as an administrator, leading to RCE. Two additional XSS and open redirect issues were patched in the same release.
Security Research