Xunruicms · Xunruicms · CVE-2024-24388
**Name of the Vulnerable Software and Affected Versions**
XunRuiCMS versions v4.6.2 and before
**Description**
A cross-site scripting (XSS) issue allows remote attackers to obtain sensitive information by sending crafted malicious requests to the background login endpoint.
**Recommendations**
If you are running v4.6.2 or earlier, update to a version later than v4.6.2 to resolve the issue. As a temporary workaround, consider restricting access to the background login endpoint to minimize the risk of exploitation.