CVE-2015-0876

Name of the Vulnerable Software and Affected Versions Saurus CMS Community Edition versions prior to 4.7 2015-02-04

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The print language selectbox function in classes/adminpage.inc.php is affected.

Recommendations For versions prior to 4.7 2015-02-04, update to version 4.7 2015-02-04 or later to resolve the issue. As a temporary workaround, consider restricting access to the print language selectbox function in classes/adminpage.inc.php to minimize the risk of exploitation.