CVE-2021-31280

Name of the Vulnerable Software and Affected Versions tp5cms versions through 2017-05-25

Description An issue was discovered in the software, where the "admin.php/system/set.html" endpoint has a cross-site scripting (XSS) vulnerability via the keywords parameter.

Recommendations For versions through 2017-05-25, as a temporary workaround, consider restricting access to the "admin.php/system/set.html" endpoint until a patch is available. Avoid using the keywords parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.