CVE-2017-12439

Name of the Vulnerable Software and Affected Versions SocuSoft Flash Slideshow Maker Professional versions prior to v5.21

Description The issue arises when the advanced configuration is used, and the xml path HTTP parameter trusts user-supplied input. This is compounded by an unsafe XML configuration file, leading to content forgery, cross-site scripting, and unvalidated redirection issues. The xml path parameter is vulnerable to user input, which can be exploited.

Recommendations For SocuSoft Flash Slideshow Maker Professional versions prior to v5.21, as a temporary workaround, consider restricting access to the xml path HTTP parameter to minimize the risk of exploitation. Avoid using the xml path parameter in the affected configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.