CVE-2024-9856

Name of the Vulnerable Software and Affected Versions 07FLYCMS version 1.3.8 07FLY-CMS version 1.3.8 07FlyCRM version 1.3.8

Description A problem was found in the System Settings Page component, where the manipulation of the Login Interface Copyright argument leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For 07FLYCMS version 1.3.8, consider disabling the System Settings Page component until a fix is available. For 07FLY-CMS version 1.3.8, restrict access to the System Settings Page to minimize the risk of exploitation. For 07FlyCRM version 1.3.8, avoid using the Login Interface Copyright argument in the System Settings Page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.