There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24993
Reference (s):
- https://github.com/arterli/CmsWing/issues/54