CVE-2019-13977

Name of the Vulnerable Software and Affected Versions Ovidentia version 8.4.3

Description The issue concerns a problem with index.php in Ovidentia, where there is a possibility of XSS via several specific parameters. The affected parameters include tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, and tg=admoc&idx=addoc&item=.

Recommendations For Ovidentia version 8.4.3, consider restricting access to the vulnerable index.php file until a patch is available. As a temporary workaround, avoid using the specified parameters in the index.php file to minimize the risk of exploitation.