PT-2022-24992 · Unknown · Nukeviet Cms

Published: 2022-11-13 · Updated: 2022-11-18 · CVE-2022-3975

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: NukeViet CMS versions prior to 4.5

Description: The function filterAttr in the file vendor/vinades/nukeviet/Core/Request.php, part of the Data URL Handler component, is vulnerable to cross-site scripting. Manipulating the argument attrSubSet triggers the issue. The attack may be launched remotely.

Recommendations: To address this issue, upgrade to version 4.5. As a temporary workaround, consider restricting access to the filterAttr function until the upgrade is applied. Additionally, avoid using the attrSubSet argument in the affected component until the issue is resolved.

Fix

Improper Neutralization

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-3975
GHSA-X45F-J34V-75XM

Affected Products

Nukeviet Cms