CVE-2020-18414

Name of the Vulnerable Software and Affected Versions Chaoji CMS version 2.18

Description A stored cross site scripting (XSS) issue allows attackers to execute arbitrary code via the "/index.php?admin-master-webset" API endpoint. This enables attackers to inject malicious scripts into the application, potentially leading to unauthorized actions.

Recommendations For Chaoji CMS version 2.18, as a temporary workaround, consider restricting access to the "/index.php?admin-master-webset" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.