CVE-2008-6435

Name of the Vulnerable Software and Affected Versions: phpSQLiteCMS version 1 RC2

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The affected parameters include lang[home], lang[admin menu], and lang[admin menu page overview] in the cms/includes/header.inc.php file, as well as lang[login username] and lang[login password] in the cms/includes/login.inc.php file.

Recommendations: For phpSQLiteCMS version 1 RC2, consider restricting access to the cms/includes/header.inc.php and cms/includes/login.inc.php files until a patch is available. As a temporary workaround, avoid using the parameters lang[home], lang[admin menu], lang[admin menu page overview], lang[login username], and lang[login password] in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.