PT-2024-34419 · Unknown · Hopetree Izone Lts

V9D0Go

Published: 2024-11-08 · Updated: 2024-11-12 · CVE-2024-50810

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: hopetree izone lts version c011b48

Description: A Cross-Site Scripting (XSS) vulnerability exists in the article comment function. The AddCommintView() function in apps/comment/views.py does not securely filter user input and renders it directly to the frontend page through templates, which allows for potential XSS attacks.

Recommendations: For version c011b48, ensure that the AddCommintView() function securely filters user input to prevent XSS attacks. As a temporary workaround, consider disabling the AddCommintView() function until a patch is available. Restrict access to the comment functionality to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-50810

Affected Products: Hopetree Izone Lts