CVE-2007-1965

Name of the Vulnerable Software and Affected Versions eXV2 CMS versions 2.0.4.3 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the set lang parameter to several API endpoints: "archive.php", "article.php", "index.php", or "topics.php".

Recommendations For eXV2 CMS versions 2.0.4.3 and earlier, consider restricting access to the set lang parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the set lang parameter in the "archive.php", "article.php", "index.php", or "topics.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.