CVE-2024-27517

Name of the Vulnerable Software and Affected Versions Webasyst version 2.9.9

Description The issue allows attackers to create blogs containing malicious code after gaining blog permissions, which can lead to a Cross-Site Scripting (XSS) attack.

Recommendations For Webasyst version 2.9.9, consider restricting blog permissions to prevent attackers from creating malicious content until a patch is available. As a temporary workaround, monitor blog posts for suspicious activity and remove any malicious code found. At the moment, there is no information about a newer version that contains a fix for this vulnerability.