CVE-2019-8438

Name of the Vulnerable Software and Affected Versions DiliCMS version 2.4.0

Description A Stored XSS issue was found in the first textbox of "System setting->site setting" in admin/index.php, specifically affecting the site name variable.

Recommendations For DiliCMS version 2.4.0, as a temporary workaround, consider restricting access to the "System setting->site setting" page in admin/index.php until a patch is available. Avoid using the site name variable in the affected textbox until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.