CVE-2012-2909

Name of the Vulnerable Software and Affected Versions Viscacha version 0.8.1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via several fields, including the text field in the Private Messages System, the Bad Word field in Zensur, or the Portal or Topic field in Kommentar.

Recommendations For Viscacha version 0.8.1.1, consider disabling the Private Messages System, Zensur, and Kommentar features until a patch is available to prevent exploitation. Restrict access to these components to minimize the risk of arbitrary web script or HTML injection. Avoid using the affected fields in these features until the issue is resolved.