CVE-2015-1562

Name of the Vulnerable Software and Affected Versions Saurus CMS version 4.7.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the search parameter to "admin/user management.php", the data search parameter to "/admin/profile data.php", or the filter parameter to "error log.php".

Recommendations For Saurus CMS version 4.7.0, as a temporary workaround, consider restricting access to the affected API endpoints, specifically "admin/user management.php", "/admin/profile data.php", and "error log.php", until a patch is available. Avoid using the search, data search, and filter parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.