CVE-2008-3715

Name of the Vulnerable Software and Affected Versions FlexCMS versions 2.5 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter in the inc-core-admin-editor-previouscolorsjs.php file when register globals is enabled.

Recommendations For FlexCMS versions 2.5 and earlier, consider disabling the register globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the inc-core-admin-editor-previouscolorsjs.php file until a patch is available. Avoid using the PreviousColorsString parameter in the affected file until the issue is resolved.