CVE-2020-20345

Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0

Description: The issue is related to a reflective cross-site scripting (XSS) vulnerability in the page management background. This vulnerability allows attackers to obtain cookies via a crafted payload entered into the search box.

Recommendations: For WTCMS version 1.0, as a temporary workaround, consider restricting access to the page management background to minimize the risk of exploitation. Avoid using the search box in the page management background until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.