CVE-2023-30148

Name of the Vulnerable Software and Affected Versions Opart opartmultihtmlblock versions prior to 2.0.12 Opart multihtmlblock* version 1.0.0

Description Multiple Stored Cross Site Scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the body text or body text rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.

Recommendations For Opart opartmultihtmlblock versions prior to 2.0.12, update to version 2.0.12 or later. For Opart multihtmlblock* version 1.0.0, consider disabling the body text and body text rude fields in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php until a patch is available.