PT-2020-15501 · Ljcmsshop · Ljcmsshop

Published 2020-11-18 · Updated 2020-12-09 · CVE-2020-22723

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ljcmsshop version 1.14

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center and adding the payload to the delivery address.

Recommendations

For version 1.14, consider disabling the account registration feature in the user center until a patch is available to prevent exploitation of the XSS issue via the user.php file. Restrict access to the user.php file to minimize the risk of arbitrary web script or HTML injection.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-22723

Affected Products

Ljcmsshop