CVE-2017-6395

Name of the Vulnerable Software and Affected Versions HashOver version 2.0

Description An issue exists due to insufficient filtration of user-supplied data passed to the "hashover/scripts/widget-output.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For HashOver version 2.0, consider restricting access to the "hashover/scripts/widget-output.php" API endpoint until a fix is available. Additionally, ensure proper filtration of user-supplied data to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this issue.