CVE-2017-6489

Name of the Vulnerable Software and Affected Versions EPESI version 1.8.1.1

Description Multiple Cross-Site Scripting (XSS) issues were discovered due to insufficient filtration of user-supplied data passed to the "EPESI-master/modules/Utils/Watchdog/subscribe.php" URL. The vulnerable parameters include element, state, cat, id, and cid. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For EPESI version 1.8.1.1, consider disabling access to the "EPESI-master/modules/Utils/Watchdog/subscribe.php" URL until a patch is available. Restrict the use of the vulnerable parameters element, state, cat, id, and cid to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.