PT-2020-15666 · Mara · Mara Cms

George Tsimpidas · Published 2020-08-30 · Updated 2022-11-08 · CVE-2020-24223

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mara CMS version 7.5

Description

The issue allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. An attacker could inject malicious scripts into the website, affecting users who visit the compromised page.

Recommendations

For Mara CMS version 7.5, as a temporary workaround, consider restricting access to the contact.php page or disabling the theme and pagetheme parameters until a patch is available. Avoid using the theme and pagetheme parameters in the affected contact.php page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-24223

Affected Products

Mara Cms