CVE-2004-1202

Name of the Vulnerable Software and Affected Versions: phpCMS versions 1.2.1 and earlier

Description: A cross-site scripting (XSS) issue exists in the parser.php file of phpCMS, allowing remote attackers to inject arbitrary web script or HTML via the file parameter when non-stealth and debug modes are enabled.

Recommendations: For phpCMS versions 1.2.1 and earlier, consider disabling non-stealth and debug modes to minimize the risk of exploitation until a patch is available. Restrict access to the parser.php file to prevent remote attackers from injecting malicious scripts.