CVE-2010-4734

Name of the Vulnerable Software and Affected Versions Skeletonz CMS version 1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the comment feature of Skeletonz CMS when the Blog plugin is enabled. Remote attackers can inject arbitrary web script or HTML via the Name, Website, and Email parameters.

Recommendations For Skeletonz CMS version 1.0, consider disabling the comment feature or restricting access to it until a fix is available. Avoid using the Name, Website, and Email parameters in the comment feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.