PT-2022-25572 · Unknown · Ndkadvancedcustomizationfields

Dalii · Published 2022-12-21 · Updated 2024-02-14 · CVE-2022-40841

CVSS v3.1

6.1 Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

NdkAdvancedCustomizationFields version 3.5.0

Description

A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the htmlNodes parameter. This enables attackers to potentially manipulate web page content or steal user data.

Recommendations

For NdkAdvancedCustomizationFields version 3.5.0, consider disabling the use of the htmlNodes parameter until a patch is available to prevent exploitation. Restrict access to areas of the application where this parameter is used to minimize the risk of XSS attacks.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-40841

Affected Products

Ndkadvancedcustomizationfields