Doracms · Doracms · CVE-2024-28715
**Name of the Vulnerable Software and Affected Versions**
DoraCMS versions 2.18 and earlier
**Description**
A cross-site scripting (XSS) issue allows a remote attacker to execute arbitrary code via the `markdown0` function in the "/app/public/apidoc/oas3/wrap-components/markdown.jsx" endpoint.
**Recommendations**
For DoraCMS versions 2.18 and earlier, as a temporary workaround, consider disabling the `markdown0` function until a patch is available.
Restrict access to the "/app/public/apidoc/oas3/wrap-components/markdown.jsx" endpoint to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
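One way to apply the access restriction recommended above is a request filter that canonicalizes the path before comparing it with the API-documentation prefix, so that encoded or dot-segment variants of the path are also refused. This is an added example, not DoraCMS code: the Koa-style middleware shape, the client allowlist, and the use of the advisory's path as the served URL prefix are assumptions to adapt to the actual deployment.

```javascript
// Assumption: this is the path given in the advisory; change it to the URL
// prefix under which your deployment actually serves the API docs.
const BLOCKED_PREFIX = '/app/public/apidoc/';

// Hypothetical allowlist of client addresses that may still reach the docs.
const ALLOWED_CLIENTS = new Set(['127.0.0.1', '::1']);

// Reduce a raw request target to a canonical lower-case path so that
// percent-encoding, backslashes, duplicate slashes and dot segments cannot
// hide the blocked prefix. Returns null when the target cannot be decoded.
function canonicalPath(rawUrl) {
  let path = String(rawUrl).split(/[?#]/)[0];
  try {
    // Decode a bounded number of times to catch double-encoded segments.
    for (let i = 0; i < 3 && /%[0-9a-f]{2}/i.test(path); i++) {
      path = decodeURIComponent(path);
    }
  } catch (err) {
    return null;
  }
  const out = [];
  for (const seg of path.replace(/\\/g, '/').split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/').toLowerCase();
}

// True when the request must be refused.
function isBlocked(rawUrl, clientIp) {
  const path = canonicalPath(rawUrl);
  if (path === null) return true; // fail closed on undecodable input
  const prefix = BLOCKED_PREFIX.replace(/\/$/, '');
  const underPrefix = path === prefix || path.startsWith(prefix + '/');
  return underPrefix && !ALLOWED_CLIENTS.has(clientIp);
}

// Koa-style middleware (assumed framework): answer 403 before static serving.
function apidocGuard() {
  return async function guard(ctx, next) {
    if (isBlocked(ctx.url, ctx.ip)) {
      ctx.status = 403;
      ctx.body = 'Forbidden';
      return;
    }
    await next();
  };
}
```

Register the guard ahead of any static-file handler so the check runs before the documentation assets are served.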