CVE-2021-36545

Name of the Vulnerable Software and Affected Versions tpcms version 3.2

Description A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the cfg copyright or cfg tel field in the Site Configuration page. This enables attackers to execute malicious scripts on the website.

Recommendations For tpcms version 3.2, as a temporary workaround, consider restricting access to the Site Configuration page until a patch is available. Avoid using the cfg copyright and cfg tel fields in the Site Configuration page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.