CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.Referenceshttps://github.com/boiteasite/cmsuno/issues/17http://packetstormsecurity.com/files/163737/CMSuno-1.7-Cross-Site-Scripting.html
