CVE-2023-35858

Name of the Vulnerable Software and Affected Versions Modern Campus - Omni CMS version 2023.1

Description The issue allows a remote, unauthenticated attacker to obtain application information through XPath Injection vulnerabilities in the blog and RSS functions.

Recommendations For Modern Campus - Omni CMS version 2023.1, consider restricting access to the blog and RSS functions until a patch is available. As a temporary workaround, avoid using sensitive application information in these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.