CVE-2014-10035

Name of the Vulnerable Software and Affected Versions couponPHP versions prior to 1.2.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the admin area. These vulnerabilities allow remote administrators to inject arbitrary web script or HTML via various parameters. The affected parameters include sEcho in comments paginate.php or stores paginate.php, and multiple parameters in admin/index.php such as affiliate url, description, domain, seo[description], seo[heading], seo[title], seo[keywords], setting[logo], setting[perpage], and setting[sitename].

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin area and limiting the use of the affected parameters until the update is applied. Avoid using the specified parameters in the affected API endpoints until the issue is resolved.