CVE-2022-24131

Name of the Vulnerable Software and Affected Versions DouPHP version 1.6 Release 20220121

Description The issue affects the background of DouPHP through the "/admin/login.php" API endpoint, allowing for Cross Site Scripting (XSS) attacks, which can lead to JavaScript code execution.

Recommendations For DouPHP version 1.6 Release 20220121, consider restricting access to the "/admin/login.php" endpoint until a fix is available. As a temporary workaround, avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.