CVE-2023-46467

Name of the Vulnerable Software and Affected Versions juzawebCMS versions 3.4 and earlier

Description The issue allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page. This is a Cross Site Scripting vulnerability.

Recommendations For juzawebCMS versions 3.4 and earlier, consider disabling the registration page or restricting access to it until a patch is available. Avoid using the username parameter in the affected registration page endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.