CVE-2020-20522

Name of the Vulnerable Software and Affected Versions KiteCMS version 1.1

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the registering user parameter. This enables the attacker to perform unauthorized actions on the system.

Recommendations For KiteCMS version 1.1, as a temporary workaround, consider restricting access to the user registration functionality until a patch is available. Avoid using the registering user parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.