PT-2012-3183 · Elefant · Elefant Cms

Published: 2012-08-26 · Updated: 2022-05-17 · CVE-2012-1296

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Elefant CMS versions 1.0.x through 1.0.2-Beta
Elefant CMS versions 1.1.x through 1.1.5-Beta

Description

The issue allows remote attackers to inject arbitrary web script or HTML via the title or body parameter of the "admin/preview" endpoint. Input supplied in these parameters is rendered without adequate sanitization, resulting in cross-site scripting (XSS).

Recommendations

For Elefant CMS versions 1.0.x through 1.0.2-Beta, update to version 1.0.2-Beta or later. For Elefant CMS versions 1.1.x through 1.1.5-Beta, update to version 1.1.5-Beta or later. As a temporary workaround, consider restricting access to the apps/admin/handlers/preview.php file and the "admin/preview" endpoint to minimize the risk of exploitation. Avoid using the title and body parameters in the affected endpoint until the issue is resolved.
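The following is an added illustration of the class of defect described above, not Elefant's own handler code: a hypothetical preview handler that echoes the title and body parameters as-is, beside a hardened version that encodes them for an HTML context before output (the function names, the POST parameter handling and the sample input are assumptions).

```php
<?php
// Added example (not Elefant CMS code): hypothetical "admin/preview" handler.
// Assumes title and body arrive via POST and are echoed into an HTML preview.

// Vulnerable pattern: request values are interpolated straight into markup,
// so any tags or attributes they contain become part of the rendered page.
function render_preview_unsafe(string $title, string $body): string {
    return "<h1>{$title}</h1>\n<div class=\"body\">{$body}</div>";
}

// Hardened pattern: encode untrusted values for the HTML context they land in.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE and the explicit charset
// prevent malformed byte sequences from slipping past the encoder.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_preview_safe(string $title, string $body): string {
    return "<h1>" . esc($title) . "</h1>\n"
         . "<div class=\"body\">" . esc($body) . "</div>";
}

// If the preview must render rich-text HTML in body, escaping would break it;
// in that case pass body through an allow-list sanitizer (e.g. HTML Purifier)
// instead of htmlspecialchars(), and still escape the title.

// Constructed sample input containing markup, as a user might submit it.
$title = $_POST['title'] ?? 'Draft <b>post</b>';
$body  = $_POST['body']  ?? '<p>Hello</p><script>/* injected */</script>';

header('Content-Type: text/html; charset=UTF-8');
echo render_preview_safe($title, $body);
```

Restricting the endpoint to authenticated administrators, as the workaround above suggests, reduces exposure but does not replace output encoding, since an administrator's own session is the target of a reflected payload.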

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2012-1296
GHSA-QJJQ-RCQ8-JW6J

Affected Products

Elefant Cms