CVE-2024-46310

Name of the Vulnerable Software and Affected Versions: Cfx.re FXServer versions v9601 and earlier wpDiscuz (affected versions not specified)

Description: The issue is related to incorrect access control and the failure to neutralize script-related HTML tags on a web page. This can allow a remote attacker to compromise data integrity. Specifically, in Cfx.re FXServer, unauthenticated users can modify and read arbitrary user data via an exposed API endpoint.

Recommendations: For Cfx.re FXServer versions v9601 and earlier, restrict access to the exposed API endpoint to prevent unauthenticated users from modifying and reading user data. For wpDiscuz, as a temporary workaround, consider disabling the processing of script-related HTML tags until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability in wpDiscuz.