CVE-2021-40238

Name of the Vulnerable Software and Affected Versions Webuzo versions prior to 2.9.0

Description A Cross Site Scripting (XSS) issue exists in the admin panel of Webuzo via an HTTP request to a non-existent page. This is triggered when administrators view the "Error Log" page. An attacker can exploit this to achieve Unauthenticated Remote Code Execution through the "Cron Jobs" functionality.

Recommendations For versions prior to 2.9.0, update to version 2.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Error Log" page and the "Cron Jobs" functionality to minimize the risk of exploitation.