PT-2013-1470 · X3 · X3 Cms

Published: 2013-01-31 · Updated: 2017-08-29 · CVE-2011-5255

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: X3 CMS versions 0.4.3.1 and earlier

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, username, or password parameters in the admin/login endpoint.

Recommendations: For X3 CMS versions 0.4.3.1 and earlier, as a temporary workaround, consider restricting access to the admin/login endpoint until a patch is available. Avoid using the username and password parameters in the affected endpoint until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2011-5255

Affected Products

X3 Cms