CVE-2007-4115

Name of the Vulnerable Software and Affected Versions IT!CMS version 0.2

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input via the wndtitle parameter to specific API endpoints, such as "lang-en.php", "menu-ed.php", or "titletext-ed.php".

Recommendations For IT!CMS version 0.2, as a temporary workaround, consider restricting access to the wndtitle parameter in the affected API endpoints until a patch is available. Avoid using the wndtitle parameter in the "lang-en.php", "menu-ed.php", or "titletext-ed.php" endpoints to minimize the risk of exploitation.