CVE-2011-5041

Name of the Vulnerable Software and Affected Versions Pulse Pro CMS version 1.7.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the d parameter in a "blocks" action and the post id parameter in an "edit-post" action to "index.php".

Recommendations For Pulse Pro CMS version 1.7.2, consider disabling the "blocks" and "edit-post" actions in index.php until a patch is available. Restrict access to the d and post id parameters to minimize the risk of exploitation.