CVE-2017-8302

Name of the Vulnerable Software and Affected Versions Mura CMS version 7.0.6967

Description The issue allows for XSS attacks, related to several files including admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp nextn.cfm, admin/core/views/cusers/inc/dsp search form.cfm, admin/core/views/cusers/inc/dsp users list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm. The attack is related to the admin/?muraAction= endpoint.

Recommendations For Mura CMS version 7.0.6967, consider restricting access to the admin/?muraAction= endpoint until a patch is available. As a temporary workaround, avoid using the muraAction parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.