CVE-2020-23974

Name of the Vulnerable Software and Affected Versions Create-Project Manager version 1.07

Description The issue concerns a lack of protection in the web page structure, allowing for potential exploitation. This can lead to a remote attacker conducting a cross-site scripting (XSS) attack. The vulnerability is present in multiple areas, including the online chat, social feed, message title tag, and when adding a new client, where all tags are vulnerable.

Recommendations For Create-Project Manager version 1.07, consider disabling the online chat, social feed, and the functionality to add new clients until a patch is available to prevent XSS and HTML injection attacks. Restrict access to these features to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.