CVE-2018-17322

Name of the Vulnerable Software and Affected Versions YUNUCMS version 1.1.4

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the area parameter in the "index.php/index/category/index" API endpoint.

Recommendations For YUNUCMS version 1.1.4, as a temporary workaround, consider restricting access to the "index.php/index/category/index" endpoint until a patch is available. Avoid using the area parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.