CVE-2012-1110

Name of the Vulnerable Software and Affected Versions Etano versions 1.22 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters to multiple scripts, including join.php, search.php, photo search.php, and photo view.php. The vulnerable parameters include user, email, email2, f17 zip, agree, PATH INFO, st, f17 city, f17 country, f17 state, f19, wphoto, search, v, and return.

Recommendations For Etano versions 1.22 and earlier, as a temporary workaround, consider restricting access to the affected scripts until a patch is available. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.