CVE-2020-18699: 
Python vulnerability analysis and mitigation

Cross Site Scripting (XSS) vulnerability was discovered in Lin-CMS-Flask version 0.1.1, identified as CVE-2020-18699. The vulnerability was found in the 'Username' parameter within the component 'app/api/cms/user.py', allowing remote attackers to execute arbitrary code by entering malicious scripts (NVD). The vulnerability was initially published on August 16, 2021.

The vulnerability exists in the register() function of app/api/cms/user.py and get_logs() function of app/api/cms/log.py. When registering users, the application fails to properly sanitize user input in the username field, allowing for the execution of malicious scripts. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

When successfully exploited, the vulnerability allows attackers to execute arbitrary scripts in the context of other users' browsers. The XSS payload gets executed in the log when registering users, and the executed payload can be viewed by both the affected user and super users of the application (GitHub Issue).

Users should upgrade to a version newer than v0.1.1 if available. As a general security practice, implementing proper input validation and output encoding for user-supplied data, especially in user registration fields, is recommended (NVD).