CVE-2005-4780

Name of the Vulnerable Software and Affected Versions Fidra Lighthouse CMS versions 1.1.0 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query string to the home page. The vendor disputes this issue, stating that Lighthouse, as an application server, cannot be susceptible to client-side cross-site scripting attacks on its own.

Recommendations For Fidra Lighthouse CMS versions 1.1.0 and earlier, as a temporary workaround, consider restricting access to the search parameter in the query string to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.