CVE-2023-31862

Name of the Vulnerable Software and Affected Versions jizhicms version 2.4.6

Description The issue allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package, as the content of the article published in the front end is only filtered in the front end, without being filtered in the background.

Recommendations For jizhicms version 2.4.6, consider implementing backend filtering for article content to prevent Cross Site Scripting (XSS) attacks. As a temporary workaround, restrict the ability to publish articles containing JavaScript scripts until a patch is available.