CVE-2012-3833

Name of the Vulnerable Software and Affected Versions Quick.CMS version 4.0

Description A cross-site scripting (XSS) issue exists in the default index page in admin/ due to improper validation of user input. This allows remote attackers to inject arbitrary web script or HTML via the p parameter in the affected API endpoint "/admin/".

Recommendations For Quick.CMS version 4.0, as a temporary workaround, consider restricting access to the default index page in admin/ until a patch is available. Avoid using the p parameter in the affected endpoint until the issue is resolved.