CVE-2012-2083

Name of the Vulnerable Software and Affected Versions Fusion module versions prior to 6.x-1.13

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Recommendations For versions prior to 6.x-1.13, update to version 6.x-1.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the fusion core preprocess page function in fusion core/template.php until a patch is available. Avoid using the q parameter in affected API endpoints until the issue is resolved.