CVE-2017-6909

Name of the Vulnerable Software and Affected Versions Shimmie versions prior to 2.5.1

Description The issue is caused by insufficient filtration of user-supplied data passed to the "shimmie2-master/ext/chatbox/history/index.php" URL, allowing an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For versions prior to 2.5.1, update to version 2.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "shimmie2-master/ext/chatbox/history/index.php" URL to minimize the risk of exploitation.