CVE-2010-4850

Name of the Vulnerable Software and Affected Versions Diferior version 8.03

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via several parameters, including the post content parameter to the "post/edit/2/p1.html" endpoint, the slogan parameter to the "admin/site/2.html" endpoint, and the subcatname or description parameters to the "admin/forum/create sub.html" endpoint. These endpoints are related to the views/post.php and views/admin.php files.

Recommendations For Diferior version 8.03, consider disabling the affected parameters, such as post content, slogan, subcatname, and description, in their respective endpoints until a patch is available. Restrict access to the views/post.php and views/admin.php files to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.