CVE-2024-44684

Name of the Vulnerable Software and Affected Versions TpMeCMS version 1.3.3.2

Description The issue is related to Cross Site Scripting (XSS) in the /h.php/page?ref=addtabs endpoint, specifically via the Title, Images, and Content fields. This allows for potential malicious script injection.

Recommendations For TpMeCMS version 1.3.3.2, as a temporary workaround, consider restricting access to the /h.php/page?ref=addtabs endpoint until a patch is available. Additionally, avoid using the Title, Images, and Content fields in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.