CVE-2020-9336

Name of the Vulnerable Software and Affected Versions fauzantrif eLection version 2.0

Description The issue concerns a Cross-Site Scripting (XSS) flaw. It occurs via the Admin Dashboard, specifically in the Settings -> Election section, where the "message if election is closed" field is vulnerable. This allows for potential malicious script injection.

Recommendations For fauzantrif eLection version 2.0, as a temporary workaround, consider restricting access to the Admin Dashboard or disabling the "message if election is closed" field until a patch is available. Avoid using this field in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.