CVE-2021-43689

Name of the Vulnerable Software and Affected Versions: manage version (last update Oct 24, 2017)

Description: The issue is related to a Cross Site Scripting (XSS) vulnerability in the Application/Home/Controller/GoodsController.class.php file. This vulnerability allows for the termination of the script and the printing of a message that includes values from the $ POST variable.

Recommendations: For the manage version (last update Oct 24, 2017), as a temporary workaround, consider restricting access to the GoodsController.class.php file until a patch is available. Additionally, avoid using the exit function with user-supplied input from $ POST to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.