CVE-2008-6839

Name of the Vulnerable Software and Affected Versions: TGS Content Management version 0.3.2r2

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the msg and goodmsg parameters to "login.php" and "index.php", and the dir and id parameters to "index.php".

Recommendations: For TGS Content Management version 0.3.2r2, as a temporary workaround, consider restricting access to the vulnerable parameters msg, goodmsg, dir, and id in the affected API endpoints "login.php" and "index.php" until a patch is available. Avoid using these parameters in the respective endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.