CVE-2018-20454

Name of the Vulnerable Software and Affected Versions 74cms version 4.2.111

Description A security issue was found in the software, where the "upload/index.php?c=resume&a=resume list" endpoint is vulnerable to XSS attacks via the key parameter.

Recommendations For version 4.2.111, as a temporary workaround, consider restricting access to the "upload/index.php?c=resume&a=resume list" endpoint until a patch is available. Avoid using the key parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.