CVE-2024-25875

Name of the Vulnerable Software and Affected Versions Enhavo CMS version 0.13.1

Description A cross-site scripting (XSS) issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. This enables attackers to potentially manipulate the website's behavior or steal user data.

Recommendations For Enhavo CMS version 0.13.1, consider disabling the Header module or restricting access to the Undertitle text field until a patch is available. As a temporary workaround, avoid using the Undertitle text field in the Header module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.