CVE-2015-0918

Name of the Vulnerable Software and Affected Versions Sefrengo versions prior to 1.6.1

Description A cross-site scripting (XSS) issue exists in the administrative backend, allowing remote attackers to inject arbitrary web script or HTML via the searchterm parameter to "backend/main.php".

Recommendations For versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "backend/main.php" endpoint or avoiding the use of the searchterm parameter until the update is applied.