CVE-2008-4648

Name of the Vulnerable Software and Affected Versions Elxis CMS version 2008.1 revision 2204

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including PATH INFO, option, Itemid, id, task, bid, and contact id. The error might be located in modules/mod language.php, with index.php potentially being the interaction point.

Recommendations For Elxis CMS version 2008.1 revision 2204, consider restricting access to the vulnerable parameters PATH INFO, option, Itemid, id, task, bid, and contact id to minimize the risk of exploitation. Additionally, as a temporary workaround, consider disabling the interaction with modules/mod language.php until a patch is available.