CVE-2019-8440
CVE-2019-8440 affects DiliCMS 2.4.0. Affected component: the site_logo field (third textbox) under System setting → site setting in admin/index.php. Description from multiple sources confirms a Stored XSS vulnerability in that field, allowing injection of arbitrary web script/HTML. The root cause...