CVE-2012-1781

Name of the Vulnerable Software and Affected Versions SocialCMS version 1.0.5

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the TREF email address or TR name parameters in the ajax/commentajax.php file.

Recommendations For SocialCMS version 1.0.5, as a temporary workaround, consider restricting access to the ajax/commentajax.php file until a patch is available. Avoid using the TREF email address and TR name parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.