CVE-2024-31634

Name of the Vulnerable Software and Affected Versions Xunruicms versions 4.6.3 and before

Description A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via the Security.php file in the catalog XunRuiCMSdayruiFcmsLibrary. This enables the attacker to perform malicious actions on the affected system.

Recommendations For Xunruicms versions 4.6.3 and before, consider disabling access to the Security.php file in the XunRuiCMSdayruiFcmsLibrary catalog as a temporary workaround until a patch is available. Restricting access to this file can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.