CVE-2013-4722

Name of the Vulnerable Software and Affected Versions cm3 Acora CMS versions 5.5.0/1b-p1 through 6.0.6/1a

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the username, url, and qstr parameters in the Admin/login/default.asp file.

Recommendations For cm3 Acora CMS versions 5.5.0/1b-p1 through 6.0.6/1a, consider restricting access to the Admin/login/default.asp file until a fix is available, and avoid using the username, url, and qstr parameters in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.