CVE-2014-8772

Name of the Vulnerable Software and Affected Versions X3 CMS versions 0.5.1 through 0.5.1.1

Description A cross-site scripting (XSS) issue exists in the search controller, allowing remote authenticated users to inject arbitrary web script or HTML via the search parameter. This can lead to the execution of malicious code on the victim's browser.

Recommendations For X3 CMS versions 0.5.1 through 0.5.1.1, consider restricting access to the search functionality until a fix is available. As a temporary workaround, avoid using the search parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this issue.