CVE-2020-21357

Name of the Vulnerable Software and Affected Versions PopojiCMS version 1.2

Description The issue exists due to a lack of protection for the web page structure in the /admin.php?mod=user&act=addnew endpoint of the content management system. This allows a remote attacker to execute arbitrary web or HTML scripts by using a specially crafted payload. The vulnerability can be exploited via the E-Mail field, enabling attackers to execute arbitrary web scripts or HTML.

Recommendations For PopojiCMS version 1.2, as a temporary workaround, consider disabling the /admin.php?mod=user&act=addnew endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the E-Mail field in the affected endpoint until the issue is resolved.