CVE-2009-1614

Name of the Vulnerable Software and Affected Versions: Leap CMS version 0.1.4

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the msg parameter, also known as the message in an article comment, or the searchterm parameter, also known as the search post form.

Recommendations: For Leap CMS version 0.1.4, consider restricting the input for the msg and searchterm parameters to prevent arbitrary web script or HTML injection until a patch is available. As a temporary workaround, restrict access to the comment and search functionalities to minimize the risk of exploitation.