CVE-2020-23371

Name of the Vulnerable Software and Affected Versions noneCms version 1.3.0

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the movieName parameter in the static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf file. This can be exploited by attackers to execute malicious scripts on the victim's browser.

Recommendations For noneCms version 1.3.0, as a temporary workaround, consider restricting access to the swfupload.swf file until a patch is available. Avoid using the movieName parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.