CVE-2008-0400

Name of the Vulnerable Software and Affected Versions Singapore version 0.10.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the gallery parameter in the default.php file, specifically within the header.tpl.php component of the modern template.

Recommendations For version 0.10.1, consider restricting access to the gallery parameter in default.php to minimize the risk of exploitation. As a temporary workaround, avoid using the gallery parameter until a patch is available.