PT-2024-40334 · Packagist · Typo3/Cms

Published 2024-06-05 · Updated 2024-06-05

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

No specific software or versions are mentioned in the provided descriptions.

Description

The issue concerns the backend API configuration using Page TSconfig, which is susceptible to arbitrary code execution and cross-site scripting. An attacker can exploit this by injecting malicious sequences through the TSconfig fields of page properties in backend forms. Specifically, the tsconfig_includes field is vulnerable to directory traversal, potentially leading to unauthorized access to TSconfig settings. A valid backend user account with permissions to modify the pages.TSconfig and pages.tsconfig_includes values is required to exploit this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

GHSA-HWW5-6X85-MC24

Affected Products

Typo3/Cms