CVE-2008-5761

Name of the Vulnerable Software and Affected Versions FlatnuX CMS (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can be achieved through several parameters, including the mod parameter to the default URI, the foto parameter to photo.php in the 05 Foto module, or the name parameter in an insertrecord action to index.php in the 08 Files module. This can be demonstrated by injecting code within a SRC attribute of an IFRAME element.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.