CVE-2008-2758

Name of the Vulnerable Software and Affected Versions Xigla Absolute News Manager XE version 3.2

Description The issue allows remote authenticated administrators to inject arbitrary web script or HTML. This can be achieved via the pblname and text parameters to "admin/search.asp", the name parameter to "admin/publishers.asp", and other unspecified vectors to "anmviewer.asp" and "editarticleX.asp" in the admin directory.

Recommendations For Xigla Absolute News Manager XE version 3.2, consider restricting access to the "admin/search.asp", "admin/publishers.asp", "anmviewer.asp", and "editarticleX.asp" pages until a fix is available, and avoid using the pblname, text, and name parameters in these API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.