CVE-2009-3192

Name of the Vulnerable Software and Affected Versions LinkorCMS versions 1.2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters in certain actions. This can be achieved through the searchstr parameter in a search action, or the nikname, realname, homepage, or city parameters in a registration action.

Recommendations For LinkorCMS versions 1.2 and earlier, as a temporary workaround, consider restricting access to the search and registration actions until a fix is available. Avoid using the parameters searchstr, nikname, realname, homepage, or city in the affected actions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.