Security researchers have found vulnerability, which was classified as problematic, in Mara CMS 7.5 version.
Mara CMS performs a similar core function to ‘Content management systems’ such as Joomla!, Drupal or WordPress, – although it differs in many fundamental aspects from those packages. Probably the most significant difference is its being file based instead of database dependent.
This issue affects an unknown code block of the file contact.php. The manipulation of the argument theme with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-80 .
The weakness was published 08/30/2020. The identification of this vulnerability is CVE-2020-24223 since 08/13/2020. The attack may be initiated remotely. Technical details are known, but no exploit is available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.