CVE-2023-1349

Name of the Vulnerable Software and Affected Versions Hsycms version 3.1

Description A problematic issue has been found in the file controllercate.php of the component Add Category Module. The manipulation of the title argument leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Hsycms version 3.1, as a temporary workaround, consider restricting the use of the title argument in the affected module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.