CVE-2013-3728

Name of the Vulnerable Software and Affected Versions Kasseler CMS versions prior to 2 r1232

Description The issue allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an "admin new category" action to "admin.php". This is a cross-site scripting (XSS) issue.

Recommendations For versions prior to 2 r1232, update to version 2 r1232 or later to resolve the issue.