CVE-2020-23977

Name of the Vulnerable Software and Affected Versions KandNconcepts Club CMS versions 1.1 through 1.2

Description The issue concerns a cross-site scripting problem via the id parameter in the team.php, player.php, and club.php scripts. This occurs due to inadequate protection of the webpage structure, allowing a remote attacker to conduct an XSS attack.

Recommendations For versions 1.1 and 1.2, consider restricting access to the id parameter in the affected API endpoints (team.php, player.php, club.php) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.