CVE-2010-4155

Name of the Vulnerable Software and Affected Versions eXV2 CMS version 2.10

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is achieved through the rssfeedURL parameter to "manual/caferss/example.php" and the sumb parameter to "modules/news/archive.php", "modules/news/topics.php", and "modules/contact/index.php".

Recommendations For eXV2 CMS version 2.10, as a temporary workaround, consider restricting access to the vulnerable parameters rssfeedURL and sumb in the affected API endpoints until a patch is available. Avoid using the rssfeedURL parameter in "manual/caferss/example.php" and the sumb parameter in "modules/news/archive.php", "modules/news/topics.php", and "modules/contact/index.php" to minimize the risk of exploitation.