CVE-2023-48202

Name of the Vulnerable Software and Affected Versions Sunlight CMS version 8.0.1

Description A Cross-Site Scripting (XSS) issue allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component.

Recommendations For Sunlight CMS version 8.0.1, consider disabling the File Manager component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the File Manager to minimize the risk of privilege escalation. Avoid using crafted SVG files in the File Manager until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.