CVE-2020-36498

Name of the Vulnerable Software and Affected Versions: Macrob7 Macs Framework Content Management System version 1.14f

Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field, specifically in the account reset function. This enables the execution of malicious code, potentially leading to unauthorized actions on the system.

Recommendations: For Macrob7 Macs Framework Content Management System version 1.14f, consider disabling the account reset function until a patch is available to prevent exploitation of the cross-site scripting vulnerability. Restrict access to the e-mail input field in the account reset function to minimize the risk of malicious payload execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.