CVE-2014-100006

Name of the Vulnerable Software and Affected Versions webtrees versions prior to 1.5.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the map, streetview, or reset parameter in the modules v3/googlemap/wt v3 street view.php file.

Recommendations For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the modules v3/googlemap/wt v3 street view.php file until the update is applied. Avoid using the map, streetview, or reset parameter in the affected file until the issue is resolved.