PT-2023-28727 · Jfinalcms+1

Published: 2023-09-27 · Updated: 2023-10-26 · CVE-2023-43191

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SpringbootCMS version 1.0
JFinalCMS (affected versions not specified)

Description

This is a stored XSS issue: malicious code can be embedded in the foreground (front-end) message and saved in the database. When users browse comments, the malicious code embedded in the HTML is executed, enabling an attacker to control the user's browser and potentially steal cookies.

Recommendations

For SpringbootCMS version 1.0, to prevent the execution of malicious code, consider disabling the comment browsing feature until a patch is available. For JFinalCMS, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-43191

Affected Products

Jfinalcms
Springbootcms