CVE-2024-22569

Name of the Vulnerable Software and Affected Versions POSCMS version 4.6.2

Description A Stored Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code via a crafted payload to "/index.php?c=install&m=index&step=2&is install db=0". This enables attackers to inject malicious scripts into the application, potentially leading to unauthorized actions.

Recommendations For POSCMS version 4.6.2, as a temporary workaround, consider restricting access to the "/index.php?c=install&m=index&step=2&is install db=0" endpoint until a patch is available. Avoid using this endpoint with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.