CVE-2008-3180

Name of the Vulnerable Software and Affected Versions: ContentNow CMS version 1.4.1

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the pageid parameter or PATH INFO.

Recommendations: For ContentNow CMS version 1.4.1, consider restricting access to the upload/file/language menu.php file until a patch is available. As a temporary workaround, avoid using the pageid parameter in the affected endpoint.