CVE-2018-20563

Name of the Vulnerable Software and Affected Versions DouPHP version 1.5 20181221

Description An issue was discovered in DouCo DouPHP. The "admin/mobile.php?rec=system&act=update" endpoint has a cross-site scripting (XSS) issue via the mobile name parameter.

Recommendations For DouPHP version 1.5 20181221, avoid using the mobile name parameter in the "admin/mobile.php?rec=system&act=update" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.