CVE-2007-5304

Name of the Vulnerable Software and Affected Versions: ELSEIF CMS version 0.6

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the repertimage parameter to "utilisateurs/vousetesbannis.php", the elseifvotetxtresultatduvote parameter to "utilisateurs/votesresultats.php", and the elseifforumtxtmenugeneraleduforum parameter to "moduleajouter/depot/adminforum.php".

Recommendations: For ELSEIF CMS version 0.6, consider disabling access to the vulnerable parameters repertimage, elseifvotetxtresultatduvote, and elseifforumtxtmenugeneraleduforum until a patch is available. Restrict access to the affected API endpoints "utilisateurs/vousetesbannis.php", "utilisateurs/votesresultats.php", and "moduleajouter/depot/adminforum.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.