CVE-2024-50540

Name of the Vulnerable Software and Affected Versions: DemixPress (dp) AddThis versions 1.0.0 through 1.0.2

Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page.

Recommendations: For DemixPress (dp) AddThis versions 1.0.0 through 1.0.2, as a temporary workaround, consider disabling the AddThis functionality until a patch is available. Restrict access to the AddThis module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.