CVE-2021-42970

Name of the Vulnerable Software and Affected Versions cxuucms version 3

Description A Cross Site Scripting (XSS) issue exists due to the imgurl of /feedback/post/ content parameter, allowing potential attacks.

Recommendations For cxuucms version 3, as a temporary workaround, consider restricting access to the /feedback/post/ API endpoint until a patch is available. Avoid using the imgurl parameter in the affected content parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.