CVE-2024-28715

Name of the Vulnerable Software and Affected Versions DOraCMS versions 2.18 and earlier

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the markdown0 function in the "/app/public/apidoc/oas3/wrap-components/markdown.jsx" endpoint.

Recommendations For DOraCMS versions 2.18 and earlier, as a temporary workaround, consider disabling the markdown0 function until a patch is available. Restrict access to the "/app/public/apidoc/oas3/wrap-components/markdown.jsx" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.