CVE-2020-18693

Name of the Vulnerable Software and Affected Versions: MineWebCMS version 1.7.0

Description: The issue allows remote attackers to execute arbitrary code by injecting malicious code into the Title field of the component "/admin/news". This enables attackers to perform Cross Site Scripting (XSS) attacks.

Recommendations: For MineWebCMS version 1.7.0, consider disabling the "/admin/news" component until a patch is available to prevent exploitation. Restrict access to the "Title" field in the "/admin/news" component to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.