Laracms · Laracms · CVE-2020-20129
Name of the Vulnerable Software and Affected Versions:
LaraCMS version 1.0.1
Description:
A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the `content editor`. The injected scripts can potentially lead to unauthorized actions on the affected system.
Recommendations:
To prevent exploitation of the stored cross-site scripting issue in LaraCMS version 1.0.1, consider disabling the `content editor` until a patch is available. Restrict access to the `content editor` to minimize the risk of malicious script execution. Avoid using the `content editor` to input untrusted data until the issue is resolved.