CVE-2017-5882

Name of the Vulnerable Software and Affected Versions SanaCMS version 7.3

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the search parameter in the index.asp file.

Recommendations For version 7.3, update the index.asp file to properly sanitize the search parameter to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the index.asp file until a patch is available.