PT-2020-13860 · Codiad · Codiad

Yaniv-Git · Published 2020-08-25 · Updated 2023-02-03 · CVE-2020-14042

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Codiad versions 1.7.8 and later

Description

A cross-site scripting (XSS) issue exists due to improper sanitization of the folder name held in the $path variable in components/filemanager/class.filemanager.php. The vendor states that Codiad is no longer under active maintenance by core contributors.

Recommendations

As a temporary workaround, consider disabling the class.filemanager.php component until a patch is available. Restrict access to the components/filemanager module to minimize the risk of exploitation. Avoid using the $path variable in the affected file manager functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-14042
GHSA-G2X4-256V-5PVX

Affected Products

Codiad