CVE-2013-20006 describes multiple stored XSS vulnerabilities across administrative endpoints in Qool CMS, a low-adoption CMS with no confirmed patch status and no active exploitation recorded in CISA KEV. Organizational exposure is low given the software’s limited market presence, but any deployment — including shadow IT, dev, or staging instances — warrants immediate access restriction, input validation review, and decommission if the product is unmaintained. EPSS places exploitation probability at the 13th percentile.