CVE-2012-2768

Name of the Vulnerable Software and Affected Versions Best Practical Solutions RT RTFM extension versions 2.0.4 through 2.4.3 rtfm package (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the topic administration page of the RTFM extension, allowing remote attackers to inject arbitrary web script or HTML. This could lead to a breach of protected information integrity. The exploitation of these vulnerabilities can be done remotely.

Recommendations For RTFM extension versions 2.0.4 through 2.4.3, consider disabling access to the topic administration page until a patch is available. As a temporary workaround, restrict the use of the RTFM extension to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.