An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of “System setting->site setting” of admin/index.php, aka site_logo.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8440
Reference (s):
- https://github.com/chekun/DiliCMS/issues/63