CVE-2008-0359

Name of the Vulnerable Software and Affected Versions BLOG:CMS version 4.2.1b

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the PATH INFO to specific API endpoints, such as "admin.php" or "index.php" in the "photo/" directory.

Recommendations For BLOG:CMS version 4.2.1b, consider restricting access to the "admin.php" and "index.php" endpoints in the "photo/" directory until a fix is available. Avoid using the PATH INFO to inject parameters into these endpoints to minimize the risk of exploitation.