CVE-2010-3483

Name of the Vulnerable Software and Affected Versions Primitive CMS version 1.0.9

Description The issue allows remote attackers to gain administrative privileges via a direct request to the cms write.php file, which does not properly restrict access. This can be leveraged to conduct cross-site scripting attacks using the title, content, and menutitle parameters.

Recommendations For Primitive CMS version 1.0.9, restrict access to the cms write.php file to prevent unauthorized requests. As a temporary workaround, consider disabling the cms write.php file until a patch is available. Avoid using the title, content, and menutitle parameters in the affected API endpoint until the issue is resolved.