CVE-2021-38356

Name of the Vulnerable Software and Affected Versions The NextScripts: Social Networks Auto-Poster versions 4.3.20 and earlier

Description The issue allows for Reflected Cross-Site Scripting via the page parameter, which is echoed out on inc/nxs class snap.php. This can be achieved by supplying the value 'nxssnap-post' to load the page in page along with malicious JavaScript.

Recommendations For versions 4.3.20 and earlier, as a temporary workaround, consider restricting access to the inc/nxs class snap.php file until a patch is available. Avoid using the page parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.