CVE-2022-4596

Name of the Vulnerable Software and Affected Versions Shoplazza version 1.1

Description A problematic issue has been found in the processing of the file "/admin/api/admin/articles/" of the component Add Blog Post Handler. The manipulation of the Title argument leads to cross-site scripting. The attack may be initiated remotely.

Recommendations For Shoplazza version 1.1, consider disabling the Add Blog Post Handler component until a patch is available. Restrict access to the "/admin/api/admin/articles/" endpoint to minimize the risk of exploitation. Avoid using the Title argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.