CVE-2017-6906

Name of the Vulnerable Software and Affected Versions SiberianCMS versions prior to 4.10.0

Description The issue is caused by insufficient filtration of user-supplied data passed to the "SiberianCMS-master/errors/500.php" URL, allowing an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For versions prior to 4.10.0, update to version 4.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "SiberianCMS-master/errors/500.php" URL to minimize the risk of exploitation.