CVE-2023-48940

Name of the Vulnerable Software and Affected Versions DaiCuo version 2.5.15

Description A stored cross-site scripting (XSS) issue in the /admin.php endpoint allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This can lead to the execution of malicious code on the victim's browser.

Recommendations For DaiCuo version 2.5.15, update to a version that fixes this issue, as using a crafted payload in the /admin.php endpoint can lead to arbitrary code execution. As a temporary workaround, consider restricting access to the /admin.php endpoint until a patch is available.