CVE-2024-1018

Name of the Vulnerable Software and Affected Versions PbootCMS version 3.2.5-20230421

Description A problematic issue has been found, affecting an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the name argument leads to cross-site scripting. It is possible to launch the attack remotely.

Recommendations For PbootCMS version 3.2.5-20230421, as a temporary workaround, consider restricting access to the /admin.php?p=/Area/index#tab=t2 endpoint until a patch is available. Avoid using the name argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.