CVE-2018-9147

Name of the Vulnerable Software and Affected Versions Gespage version 7.5.7

Description The issue allows remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to the "webapp/users/user reg.jsp" API endpoint. This can lead to cross-site scripting (XSS) attacks.

Recommendations For Gespage version 7.5.7, as a temporary workaround, consider restricting access to the "webapp/users/user reg.jsp" endpoint until a patch is available. Avoid using the email, passwd, and repasswd parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.