PT-2007-5694 · Ripe · Ripe Website Manager
Published: 2007-08-25 · Updated: 2018-10-15 · CVE-2007-4523
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Ripe Website Manager versions 0.8.9 and earlier
Description
The issue allows remote authenticated users to inject arbitrary web script or HTML via several vectors, including the id parameter to "pages/delete_page.php", "navigation/delete_menu.php", and "navigation/delete_item.php" in the admin directory, the menu_id, name, page_id, and url parameters in "admin/navigation/do_new_item.php", the new_menuname parameter in "admin/navigation/do_new_nav.php", and the area1, name, and url parameters to "admin/pages/do_new_page.php". This may involve the Title or textarea field as reachable through "admin/pages/new_page.php".
Recommendations
For Ripe Website Manager versions 0.8.9 and earlier, as a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "pages/delete_page.php", "navigation/delete_menu.php", "navigation/delete_item.php", "admin/navigation/do_new_item.php", "admin/navigation/do_new_nav.php", and "admin/pages/do_new_page.php", until a patch is available. Avoid using the vulnerable parameters id, menu_id, name, page_id, url, new_menuname, and area1 in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
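To check whether the affected admin scripts have already received markup in the listed parameters, the following added example (not part of the original advisory or of Ripe Website Manager) reviews web server access-log lines. It assumes the script and parameter names are spelled with underscores (delete_page.php, menu_id, and so on), that the parameters arrive in the query string, and that the log uses the common request-line format; the sample log lines are constructed.

```python
from urllib.parse import urlsplit, parse_qsl
import re

# Endpoint -> parameters named in the advisory (underscore spelling is an assumption).
WATCHED = {
    "admin/pages/delete_page.php": {"id"},
    "admin/navigation/delete_menu.php": {"id"},
    "admin/navigation/delete_item.php": {"id"},
    "admin/navigation/do_new_item.php": {"menu_id", "name", "page_id", "url"},
    "admin/navigation/do_new_nav.php": {"new_menuname"},
    "admin/pages/do_new_page.php": {"area1", "name", "url"},
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # request line inside a log entry
MARKUP = re.compile("[<>\"']")  # characters that let a value break out into HTML


def flag_requests(log_lines):
    """Return (line_no, endpoint, parameter) for each watched parameter carrying markup."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        endpoint = next((e for e in WATCHED if target.path.endswith("/" + e)), None)
        if endpoint is None:
            continue  # not one of the scripts listed in the advisory
        # parse_qsl URL-decodes once, so %3C is compared as "<".
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key in WATCHED[endpoint] and MARKUP.search(value):
                hits.append((line_no, endpoint, key))
    return hits


# Constructed sample lines; hosts, paths under /ripe/ and values are illustrative only.
SAMPLE_LOG = [
    '192.0.2.10 - admin [25/Aug/2007:10:00:01 +0000] "GET /ripe/admin/pages/delete_page.php?id=12 HTTP/1.1" 200 512',
    '192.0.2.10 - admin [25/Aug/2007:10:00:09 +0000] "GET /ripe/admin/pages/delete_page.php?id=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 540',
    '192.0.2.11 - admin [25/Aug/2007:10:02:00 +0000] "GET /ripe/admin/navigation/do_new_nav.php?new_menuname=Footer HTTP/1.1" 200 300',
    '192.0.2.11 - admin [25/Aug/2007:10:02:30 +0000] "GET /ripe/admin/navigation/do_new_item.php?menu_id=1&name=%3Ci%3EHome%3C%2Fi%3E&page_id=2&url=%2F HTTP/1.1" 200 300',
    '192.0.2.12 - - [25/Aug/2007:10:03:00 +0000] "GET /ripe/index.php?name=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Parameters submitted in a POST body do not appear in access logs, so this review covers only what the query string records.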
Related Identifiers
Affected Products
Ripe Website Manager