Ucms · Ucms · CVE-2023-5015
**Name of the Vulnerable Software and Affected Versions**
UCMS version 1.4.7
**Description**
A cross-site scripting (XSS) issue has been identified in UCMS 1.4.7. Manipulating the `strdefault` argument of an unknown function in the file "ajax.php?do=strarraylist" leads to cross-site scripting. The attack can be launched remotely.
**Recommendations**
For UCMS version 1.4.7, consider restricting access to the "ajax.php?do=strarraylist" endpoint until a fix is available. As a temporary workaround, avoid using the `strdefault` argument in this endpoint to minimize the risk of exploitation.
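One way to check whether the endpoint is still being reached while it remains unpatched, as an added example that is not part of the original advisory or of UCMS: a Python scan of web-server access-log lines for requests to `ajax.php?do=strarraylist`, graded by whether `strdefault` is present and whether it carries markup characters. It assumes the argument arrives in the query string and that the logs use the common/combined format; the `/ucms/` path, the client addresses and the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (documentation IPs, assumed /ucms/ path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2023:10:00:01 +0000] "GET /ucms/ajax.php?do=strarraylist&strdefault=news HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Oct/2023:10:00:05 +0000] "GET /ucms/ajax.php?do=strarraylist&strdefault=%3Ci%3Etest%3C%2Fi%3E HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Oct/2023:10:00:09 +0000] "GET /ucms/ajax.php?do=strarraylist HTTP/1.1" 200 498',
    '192.0.2.44 - - [01/Oct/2023:10:00:12 +0000] "GET /ucms/ajax.php?do=other&strdefault=x HTTP/1.1" 200 120',
    '192.0.2.44 - - [01/Oct/2023:10:00:15 +0000] "GET /ucms/index.php HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\'`]')  # characters that matter in an HTML context


def classify(uri):
    """Grade one request URI against the advisory's endpoint and argument."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/ajax.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes once
    if "strarraylist" not in query.get("do", []):
        return None
    values = query.get("strdefault")
    if values is None:
        return "endpoint"            # endpoint reached, argument absent
    # Decode a second time so double-encoded markup is not missed.
    if any(MARKUP_RE.search(unquote(v)) for v in values):
        return "strdefault-markup"   # argument carries HTML metacharacters
    return "strdefault"              # argument used with plain text


def scan(lines):
    """Return (line number, client address, verdict) for every matching line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        verdict = classify(match.group("uri")) if match else None
        if verdict:
            hits.append((number, line.split()[0], verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Arguments sent in a POST body do not appear in access logs, so an empty result from this scan only covers query-string use of `strdefault`.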