CVE-2019-16657

Name of the Vulnerable Software and Affected Versions TuziCMS version 2.0.6

Description The issue concerns an XSS vulnerability that can be triggered via the PATH INFO to a group URI. This is demonstrated by accessing index.php/article/group/id/2/, which allows for potential malicious script execution.

Recommendations For TuziCMS version 2.0.6, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the index.php/article/group/id/ endpoint to minimize the risk of exploitation. Avoid using user-supplied input in the id parameter until the issue is resolved.