PT-2019-15284 · Sitemagic · Sitemagic Cms

Alessandro Magnosi +1 · Published 2019-10-23 · Updated 2019-10-24 · CVE-2019-18219

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sitemagic CMS version 4.4.1

Description

The issue is a Cross-Site Scripting (XSS) vulnerability caused by a failure to validate user input. It allows JavaScript injection through both GET and POST requests. The affected components are index.php and upgrade.php, where the injection can occur via a crafted URL or via the UpgradeMode POST parameter.

Recommendations

For Sitemagic CMS version 4.4.1, consider validating user input to prevent JavaScript injection, and restrict access to the index.php and upgrade.php components until a fix is available. As a temporary workaround, avoid using the UpgradeMode parameter in POST requests to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-18219

Affected Products

Sitemagic Cms