CVE-2023-51252

Name of the Vulnerable Software and Affected Versions PublicCMS version 4.0

Description The issue exists due to a lack of protection for the web page structure in the Online Preview component of PublicCMS. This allows a remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability can be exploited by uploading files, such as pdf or html files, containing malicious code, which can then be executed through the online preview function, resulting in an XSS popup window.

Recommendations For PublicCMS version 4.0, consider disabling the online preview function until a patch is available to prevent the upload and execution of malicious files. Restrict access to file uploads to minimize the risk of exploitation. Avoid using the online preview function for files from untrusted sources.