CVE-2009-4744

Name of the Vulnerable Software and Affected Versions Exponent CMS version 0.97-GA20090213

Description A cross-site scripting issue exists in the Contact module, allowing remote attackers to inject arbitrary web script or HTML via the email parameter.

Recommendations For Exponent CMS version 0.97-GA20090213, avoid using the email parameter in the Contact module until a fix is available. Consider restricting access to the Contact module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.