CVE-2017-11611

Name of the Vulnerable Software and Affected Versions Wolf CMS version 0.8.3.1

Description The issue arises due to insufficient sanitization of the file name in a "create-file-popup" action and the directory name in a "create-directory-popup" action. This occurs in the HTTP POST method to the "/plugin/file manager/" script, which can be accessed via a URI such as "/admin/plugin/file manager/browse//". This allows for Cross-Site Scripting (XSS) attacks.

Recommendations For Wolf CMS version 0.8.3.1, as a temporary workaround, consider restricting access to the "/plugin/file manager/" script until a patch is available. Avoid using the "create-file-popup" and "create-directory-popup" actions in the HTTP POST method to prevent potential XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.