CVE-2021-4293

Name of the Vulnerable Software and Affected Versions gnuboard youngcart5 versions up to 5.4.5.1

Description A vulnerability has been found in gnuboard youngcart5, where the manipulation of the argument me link in the file adm/menu list update.php leads to cross site scripting. This issue can be exploited remotely. The affected products are no longer supported by the maintainer.

Recommendations For gnuboard youngcart5 versions up to 5.4.5.1, upgrade to version 5.4.5.2 to address this issue. As a temporary workaround, consider restricting access to the adm/menu list update.php file until the upgrade is applied. Avoid using the me link argument in the affected file to minimize the risk of exploitation.