CVE-2010-2038

Name of the Vulnerable Software and Affected Versions gpEasy CMS version 1.6.2

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with Edit privileges to inject arbitrary web script or HTML. This is achieved by manipulating the gpcontent parameter in the index.php file.

Recommendations For gpEasy CMS version 1.6.2, consider restricting access to the index.php file to prevent exploitation, and avoid using the gpcontent parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.