CVE-2013-7474

Name of the Vulnerable Software and Affected Versions Windu CMS version 2.2

Description The issue allows for cross-site scripting (XSS) attacks. This can be achieved via the name parameter to 'admin/content/edit' or 'admin/content/add' API endpoints, or the username parameter to the 'admin/users' endpoint.

Recommendations For Windu CMS version 2.2, as a temporary workaround, consider restricting access to the 'admin/content/edit', 'admin/content/add', and 'admin/users' API endpoints until a patch is available. Avoid using the name and username parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.