PT-2024-40517 · Packagist · Typo3/Cms-Core

Published 2024-05-30 · Updated 2024-05-30

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

No specific software or versions are mentioned.

Description

The issue concerns the backend API configuration using Page TSconfig, which is susceptible to arbitrary code execution and cross-site scripting. An attacker can inject malicious sequences through TSconfig fields in page properties within backend forms. The tsconfig_includes field is vulnerable to directory traversal, potentially allowing access to TSconfig settings. A valid backend user account with permission to modify the pages.TSconfig and pages.tsconfig_includes fields is required to exploit this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

XSS

Weakness Enumeration

Related Identifiers

GHSA-X428-565F-8XJ2

Affected Products

Typo3/Cms-Core