CVE-2020-18451

Name of the Vulnerable Software and Affected Versions: DamiCMS version 6.0.6

Description: A Cross Site Scripting (XSS) issue exists via the title parameter in the doadd function in LabelAction.class.php. This allows for potential malicious script execution. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For DamiCMS version 6.0.6, consider restricting access to the doadd function in LabelAction.class.php to minimize the risk of exploitation. Avoid using the title parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.