CVE-2012-5343

Name of the Vulnerable Software and Affected Versions Limny version 3.0.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the PATH INFO, related to the PHP SELF variable.

Recommendations For Limny version 3.0.1, consider restricting access to the admin/login.php file until a patch is available, and avoid using the PATH INFO variable in sensitive operations. As a temporary workaround, consider validating and sanitizing all user input to prevent malicious script injection.