PT-2023-11351 · Unknown · Dragonexpert

Published: 2023-01-02 · Updated: 2024-05-17 · CVE-2019-25093

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: dragonexpert Recent Threads on Index (affected versions not specified)

Description: A problematic vulnerability was found in the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross-site scripting. It is possible to launch the attack remotely.

Recommendations: To fix this issue, it is recommended to apply a patch. Specifically, the patch identified as 051465d807a8fcc6a8b0f4bcbb19299672399f48 should be applied. As a temporary workaround, consider disabling the recentthread_list_threads function until the patch is applied. Additionally, restrict access to the inc/plugins/recentthreads/hooks.php file to minimize the risk of exploitation. Avoid using the argument recentthread_forumskip in the affected component until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-25093

Affected Products

Dragonexpert