CVE-2015-4135

Name of the Vulnerable Software and Affected Versions phpwind version 8.7

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the url parameter in the goto.php file.

Recommendations For phpwind version 8.7, consider validating and sanitizing user input for the url parameter in the goto.php file to prevent XSS attacks. As a temporary workaround, restrict access to the goto.php file until a patch is available.