CVE-2024-8743

Name of the Vulnerable Software and Affected Versions: The Bit File Manager versions up to, and including, 6.5.7

Description: The issue is due to a lack of proper checks on allowed file types, making it possible for authenticated attackers with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files. This could lead to Stored Cross-Site Scripting.

Recommendations: For versions up to, and including, 6.5.7, update to a version later than 6.5.7 to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary file types until a patch is available. Restrict access to the file upload feature to minimize the risk of exploitation.