CVE-2012-2452

Name of the Vulnerable Software and Affected Versions pragmaMx versions 1.x before 1.12.2

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the name parameter to "modules.php" or the img url to "includes/wysiwyg/spaw/editor/plugins/imgpopup/img popup.php".

Recommendations For versions prior to 1.12.2, update to version 1.12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "modules.php" and "img popup.php" files to minimize the risk of exploitation. Avoid using the name parameter in "modules.php" and the img url parameter in "img popup.php" until the issue is resolved.