PT-2024-39284 · Autocms · Autocms

Jiashenghe · Published 2024-09-14 · Updated 2024-09-20 · CVE-2024-8866

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: AutoCMS version 5.4
Description: A vulnerability was found in AutoCMS in an unspecified part of the file /admin/robot.php. Manipulation of the sidebar argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This issue can compromise admin access and lead to data theft.
Recommendations: For AutoCMS version 5.4, patch immediately and validate user input to prevent exploitation. As a temporary workaround, consider restricting access to the /admin/robot.php endpoint, or preventing users from supplying the sidebar argument, until a patch is available.
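The following is an added illustration of the "validate user input" recommendation and is not AutoCMS code: the page only names the file /admin/robot.php and the sidebar argument, so the function names, the allowlist of sidebar names, and the HTML layout below are assumptions. It places the unsafe reflection pattern that produces this class of bug next to a hardened version that allowlists the value and HTML-encodes whatever is written back into the page.

```php
<?php
// Added illustrative example; not AutoCMS code. Function names, the
// allowlist values and the markup are assumptions for the demonstration.

declare(strict_types=1);

// Unsafe pattern: a request value is written straight into the HTML
// response, so any markup in the value is rendered by the browser.
function render_sidebar_unsafe(array $query): string
{
    $sidebar = $query['sidebar'] ?? 'default';
    return '<div class="sidebar" data-name="' . $sidebar . '">' . $sidebar . '</div>';
}

// Sidebar names the application actually knows (assumed values).
const KNOWN_SIDEBARS = ['default', 'tools', 'stats'];

// Returns true only for values that belong to the allowlist.
function is_valid_sidebar(string $value): bool
{
    return in_array($value, KNOWN_SIDEBARS, true);
}

// Hardened pattern: (1) validate against the allowlist and fall back to a
// known value, (2) still HTML-encode the reflected value as defence in depth.
function render_sidebar_safe(array $query): string
{
    $sidebar = $query['sidebar'] ?? 'default';
    if (!is_valid_sidebar($sidebar)) {
        // Rejected input is worth logging: it is a signal that someone is
        // probing the parameter, and the log line must itself be encoded
        // before it is ever shown in an HTML log viewer.
        error_log('robot.php: rejected sidebar value ' . bin2hex($sidebar));
        $sidebar = 'default';
    }
    $enc = htmlspecialchars($sidebar, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="sidebar" data-name="' . $enc . '">' . $enc . '</div>';
}

// Constructed sample input standing in for $_GET on a crafted request.
$sample = ['sidebar' => '"><b>injected</b>'];

echo 'unsafe: ', render_sidebar_unsafe($sample), PHP_EOL;
echo 'safe:   ', render_sidebar_safe($sample), PHP_EOL;
```

Run with `php example.php`: the unsafe output closes the attribute and renders the injected tag, while the safe output contains only the allowlisted `default` name. The allowlist is the actual fix for a parameter like sidebar, which selects among a fixed set of layouts; htmlspecialchars with ENT_QUOTES is kept so that the value is safe even if a future change lets it carry free text.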

Tags: XSS

Weakness Enumeration

Related Identifiers: CVE-2024-8866

Affected Products: Autocms