PT-2024-17011 · Devklan · Alma Blog

David Utón Amaya · Published 2024-03-19 · Updated 2025-10-15 · CVE-2024-1146

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Devklan's Alma Blog versions 2.1.10 and earlier

Description: The issue allows an attacker to store a malicious JavaScript payload within the application by adding the payload to Community Description or Community Rules. This could enable the attacker to execute malicious scripts on the application.

Recommendations: For versions 2.1.10 and earlier, update to a version later than 2.1.10 to resolve the issue. As a temporary workaround, consider restricting the ability to add content to Community Description and Community Rules to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-1146

Affected Products: Alma Blog