CVE-2023-27711

Name of the Vulnerable Software and Affected Versions Typecho version 1.2.0

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the Comment Manager component, specifically through the "/admin/manage-comments.php" API endpoint. This enables the attacker to inject malicious scripts into the application.

Recommendations For Typecho version 1.2.0, update to a newer version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the "/admin/manage-comments.php" endpoint to minimize the risk of arbitrary code execution.