CVE-2008-4179

Name of the Vulnerable Software and Affected Versions NooMS version 1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the page id parameter to "smileys.php" and the q parameter to "search.php".

Recommendations For NooMS version 1.1, consider restricting access to the "smileys.php" and "search.php" scripts until a fix is available. As a temporary workaround, avoid using the page id and q parameters in the affected API endpoints.