CVE-2017-7204

Name of the Vulnerable Software and Affected Versions imdbphp version 5.1.1

Description A Cross-Site Scripting issue was discovered due to insufficient filtration of user-supplied data, specifically the name variable, passed to the "imdbphp-master/demo/search.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For imdbphp version 5.1.1, consider filtering or sanitizing user-supplied data, especially the name variable, to prevent the execution of arbitrary code. As a temporary workaround, restrict access to the "imdbphp-master/demo/search.php" endpoint until a proper fix is applied.