CVE-2020-18404

Name of the Vulnerable Software and Affected Versions espcms version P8.18101601

Description The issue allows arbitrary code to be executed via the title parameter, enabling cross-site scripting (XSS). This means an attacker could inject malicious code into a website, potentially stealing user data or taking control of the user's session.

Recommendations For espcms version P8.18101601, consider restricting access to the title parameter to minimize the risk of exploitation. Avoid using the title parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.