PT-2023-12407 · Shannah · Xataface

Shannah · Published 2023-01-05 · Updated 2024-05-17 · CVE-2021-4303

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: shannah Xataface versions up to 2.x
Description: A problematic issue has been found in the function testftp of the file install/install_form.js.php of the component Installer, leading to cross-site scripting. The attack may be launched remotely, with a rather high complexity and difficult exploitation. Upgrading to version 3.0.0 can address this issue.
Recommendations: For shannah Xataface versions up to 2.x, upgrade to version 3.0.0 to address the issue. As a temporary workaround, consider disabling the testftp function of the Installer component until the upgrade is applied. Note that the Installer is disabled by default.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-4303
GHSA-64WV-C7JW-JW2Q

Affected Products

Xataface