PT-2013-1987 · Wcms · Wcms

Th3.G4M3_0V3R · Published 2013-01-31 · Updated 2017-08-29 · CVE-2012-6523

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: w-CMS version 2.01

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the p parameter in the getMenus function in codes/wcms.php, or the COMMENT parameter in blog.php, guestbook.php, or forum.php in codes/.

Recommendations: For w-CMS version 2.01, consider disabling the getMenus function in codes/wcms.php and restricting access to the COMMENT parameter in blog.php, guestbook.php, and forum.php until a patch is available. Avoid using the p parameter and the COMMENT parameter in the affected files to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2012-6523

Affected products

Wcms