CVE-2014-9522

Name of the Vulnerable Software and Affected Versions CMS Papoo Light version 6.0.0 (Rev 4701)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the author field to "guestbook.php" and the username field to "account.php" are vulnerable.

Recommendations For CMS Papoo Light version 6.0.0 (Rev 4701), consider disabling the guestbook.php and account.php scripts until a patch is available to prevent exploitation through the author and username fields. Restrict access to these scripts to minimize the risk of XSS attacks. Avoid using the author field in "guestbook.php" and the username field in "account.php" until the issue is resolved.