Cym1102

**Name of the Vulnerable Software and Affected Versions** cym1102 nginxWebUI versions through 4.3.7 **Description** A cross site scripting issue exists in cym1102 nginxWebUI. The issue is related to manipulation of the `nginxDir` argument within an unknown function of the file /adminPage/conf/check, part of the Web Management Interface component. This manipulation can be executed remotely. The project was informed of the issue but has not responded. The exploit is publicly available. **Recommendations** Versions prior to 4.3.7 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.