CVE-2017-6486

Name of the Vulnerable Software and Affected Versions reasoncms versions prior to 4.7.1

Description A Cross-Site Scripting issue was discovered due to insufficient filtration of user-supplied data, specifically the nyroModalSel variable, passed to the "reasoncms-master/www/nyroModal/demoSent.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For versions prior to 4.7.1, update to version 4.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "reasoncms-master/www/nyroModal/demoSent.php" API endpoint to minimize the risk of exploitation. Avoid using the nyroModalSel variable in the affected API endpoint until the issue is resolved.