CVE-2012-1217

Name of the Vulnerable Software and Affected Versions STHS v2 Web Portal version 2.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API endpoints include "prospects.php", "prospect.php", and "team.php", specifically via the team parameter.

Recommendations For STHS v2 Web Portal version 2.2, consider restricting access to the "prospects.php", "prospect.php", and "team.php" endpoints until a fix is available, and avoid using the team parameter in these endpoints to minimize the risk of exploitation.