CVE-2023-43962

Name of the Vulnerable Software and Affected Versions Xunrui CMS Public Edition version 4.6.1

Description The issue allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. This is a Cross Site Scripting vulnerability.

Recommendations For Xunrui CMS Public Edition version 4.6.1, consider disabling the project name function in the project settings tab as a temporary workaround until a patch is available. Restrict access to the project settings tab to minimize the risk of exploitation. Avoid using the project name function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.