CVE-2012-1789

Name of the Vulnerable Software and Affected Versions Kongreg8 version 1.7.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerable parameters are surname and firstname in the "modules/members/addmember.php" endpoint, as well as groupdescription and groupname in the "modules/groups/addgroupform.php" endpoint.

Recommendations For Kongreg8 version 1.7.3, consider disabling the addmember.php and addgroupform.php modules until a patch is available to prevent exploitation through the surname, firstname, groupdescription, and groupname parameters. Restrict access to these modules to minimize the risk of XSS attacks. Avoid using the vulnerable parameters in the affected endpoints until the issue is resolved.