Popojicms · Popojicms · CVE-2020-18065
Name of the Vulnerable Software and Affected Versions:
PopojiCMS version 2.0.1
Description:
A Cross Site Scripting (XSS) issue exists in the admin.php module, specifically when editing menus through the `mod=menumanager` parameter. This allows for potential malicious script execution.
Recommendations:
For PopojiCMS version 2.0.1, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the admin.php module, specifically the `mod=menumanager` parameter, to minimize the risk of exploitation. Avoid using the `mod=menumanager` parameter in the admin.php endpoint until the issue is resolved.