CVE-2019-25092

Name of the Vulnerable Software and Affected Versions Nakiami Mellivora versions up to 2.1.x

Description A problematic vulnerability was found in the Admin Panel component, specifically in the function print user ip log of the file include/layout/user.inc.php. The manipulation of the argument $entry['ip'] leads to cross-site scripting. The attack can be launched remotely.

Recommendations For Nakiami Mellivora versions up to 2.1.x, upgrade to version 2.2.0 to address this issue. As a temporary workaround, consider restricting access to the print user ip log function in the include/layout/user.inc.php file until the upgrade is applied.