CVE-2023-48201

Name of the Vulnerable Software and Affected Versions Sunlight CMS version 8.0.1

Description The issue allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. This is a Cross Site Scripting (XSS) vulnerability.

Recommendations For Sunlight CMS version 8.0.1, consider disabling the Content text editor component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution and privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.