CVE-2020-23644

Name of the Vulnerable Software and Affected Versions JIZHICMS version 1.7.1

Description A security issue exists where an attacker can execute arbitrary code. The issue is related to the "/index.php/Error/index?msg=" API endpoint, which is vulnerable to XSS attacks. This endpoint is handled by the Home/c/ErrorController.php file.

Recommendations For JIZHICMS version 1.7.1, as a temporary workaround, consider restricting access to the "/index.php/Error/index" endpoint until a patch is available. Avoid using the msg parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.