CVE-2012-1979

Name of the Vulnerable Software and Affected Versions SyndeoCMS versions 3.0.01 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via the email parameter in an edit user configuration action.

Recommendations For SyndeoCMS versions 3.0.01 and earlier, consider restricting access to the edit user configuration action until a patch is available. As a temporary workaround, avoid using the email parameter in the affected configuration action to minimize the risk of exploitation.