CVE-2023-46394

Name of the Vulnerable Software and Affected Versions gougucms version 4.08.18

Description A stored cross-site scripting (XSS) issue in the /home/user/edit submit endpoint allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the headimgurl parameter. This enables attackers to potentially hijack user sessions, steal sensitive data, or perform other malicious actions.

Recommendations For gougucms version 4.08.18, consider disabling access to the /home/user/edit submit endpoint until a patch is available, or restrict the use of the headimgurl parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.