Weaselcms · Weaselcms · CVE-2018-17361
**Name of the Vulnerable Software and Affected Versions**
WeaselCMS version 0.3.6
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled (PHP_SELF includes any path the client appends after the script name, so echoing it unescaped reflects attacker-controlled input). This can be exploited by sending a malicious request to the "index.php" endpoint.
**Recommendations**
For WeaselCMS version 0.3.6, update to a version where the handling of $_SERVER['PHP_SELF'] is corrected to prevent the injection of arbitrary web script or HTML. As a temporary workaround, consider validating and sanitizing the PATH_INFO to prevent malicious input.
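As an added illustration (not code from WeaselCMS or from the advisory), the pattern the description refers to: a form action built from $_SERVER['PHP_SELF'], which carries whatever PATH_INFO the client appended to the script URL, beside a hardened version that uses SCRIPT_NAME and escapes it for the attribute context; the request values below are constructed.

```php
<?php
// Added example, not WeaselCMS code: PHP_SELF-based reflected XSS and its fix.

// Vulnerable pattern: PHP_SELF = SCRIPT_NAME + PATH_INFO, and PATH_INFO is
// client-controlled, so writing PHP_SELF into an attribute unescaped lets a
// crafted request path close the attribute and inject markup.
function vulnerable_form_action(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Hardened pattern: use SCRIPT_NAME (the script path as resolved by the
// server, without the client-supplied PATH_INFO) and HTML-escape it anyway,
// so the value is safe in an attribute regardless of its origin.
function hardened_form_action(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Defensive check for the workaround the advisory suggests: reject any
// PATH_INFO that is not a plain slash-separated path of safe characters.
function path_info_is_clean(string $pathInfo): bool
{
    return $pathInfo === '' || preg_match('#^(/[A-Za-z0-9._-]+)+/?$#', $pathInfo) === 1;
}

// Constructed request: the client asked for /index.php/<extra path segment>
// containing a quote and angle brackets.
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PATH_INFO'   => '/"><b>injected</b>',
    'PHP_SELF'    => '/index.php/"><b>injected</b>',
];

echo vulnerable_form_action($server), PHP_EOL; // attribute is broken out of
echo hardened_form_action($server), PHP_EOL;   // attribute stays intact
var_dump(path_info_is_clean($server['PATH_INFO'])); // request would be rejected
```

Escaping at the output point is the durable fix; validating PATH_INFO only reduces exposure until the template code is corrected.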