PT-2008-3990 · Phoenix View · Phoenix View Cms

Tw8 · Published: 2008-06-03 · Updated: 2017-09-29 · CVE-2008-2533

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Phoenix View CMS versions Pre Alpha2 and earlier

Description
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the ltarget parameter to "admin/admin_frame.php" and the conf parameter to several files in "admin/module/", including "gbuch.admin.php", "links.admin.php", "menue.admin.php", "news.admin.php", and "todo.admin.php".

Recommendations
For Phoenix View CMS versions Pre Alpha2 and earlier, consider disabling access to the vulnerable parameters ltarget and conf in the affected files until a patch is available. Restrict access to the admin/module/ directory to minimize the risk of exploitation. Avoid using the ltarget parameter in "admin/admin_frame.php" and the conf parameter in the specified admin files until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2008-2533

Affected products

Phoenix View Cms