CVE-2019-15750

Name of the Vulnerable Software and Affected Versions SITOS six Build version 6.2.1

Description A Cross-Site Scripting (XSS) issue in the blog function allows remote attackers to inject arbitrary web script or HTML via the id parameter. This enables attackers to execute malicious scripts on the client-side, potentially leading to unauthorized actions or data theft.

Recommendations For SITOS six Build version 6.2.1, consider restricting access to the blog function until a patch is available, and avoid using the id parameter in the affected area to minimize the risk of exploitation.