CVE-2017-7251

Name of the Vulnerable Software and Affected Versions pi-engine/pi version 2.5.0

Description A Cross-Site Scripting (XSS) issue was discovered due to insufficient filtration of user-supplied data, specifically the preview variable, passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. This allows an attacker to execute arbitrary HTML and script code in a browser within the context of the vulnerable website.

Recommendations For pi-engine/pi version 2.5.0, consider disabling access to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL until a patch is available, or ensure proper filtration of the preview variable to prevent the execution of arbitrary code.