CVE-2017-14070

Name of the Vulnerable Software and Affected Versions NexusPHP version 1.5.beta5.20120707

Description A Cross Site Scripting (XSS) issue exists, allowing attackers to execute malicious scripts. This is achieved by manipulating the PATH INFO to ipsearch.php, which is related to the PHP SELF variable.

Recommendations For NexusPHP version 1.5.beta5.20120707, as a temporary workaround, consider restricting access to the ipsearch.php file until a patch is available. Avoid using the PATH INFO to ipsearch.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.