CVE-2015-1373

Name of the Vulnerable Software and Affected Versions ferretCMS version 1.0.4-alpha

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The affected parameters include the action parameter in a search request, the username in a login request (which is not properly handled when logging the event), and the page title in an insert action.

Recommendations For ferretCMS version 1.0.4-alpha, as a temporary workaround, consider restricting access to the admin.php file until a patch is available. Avoid using the action parameter in search requests, the username parameter in login requests, and the page title parameter in insert actions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.