PT-2021-24304 · Unknown · Glfusion Cms

Published: 2021-12-27 · Updated: 2022-09-30 · CVE-2021-45843

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: glFusion CMS version 1.7.9
Description: The issue is a reflected cross-site scripting (XSS) vulnerability. The value of the title request parameter is copied into an HTML tag attribute enclosed in double quotation marks and echoed unmodified in the application's response. This allows for potential malicious script injection.
Recommendations: For glFusion CMS version 1.7.9, as a temporary workaround, consider validating and sanitizing the title request parameter to prevent XSS attacks. Ensure that any user-supplied data is properly encoded before it is reflected in the application's response. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
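
The workaround above as an added example (not glFusion code and not part of the original advisory): a value reflected into a double-quoted attribute, unencoded and then encoded for the attribute context, with the resulting markup parsed to show which attributes the browser-side parser would see. The function names, the markup, the 200-byte limit and the probe string are assumptions made for illustration.

```php
<?php
// Pattern described in the advisory: the parameter lands inside a
// double-quoted attribute unmodified. Hypothetical markup, not glFusion's.
function render_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Encode for an HTML attribute context. ENT_QUOTES encodes both " and ';
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_encoded(string $title): string
{
    return '<input type="text" name="title" value="' . attr($title) . '">';
}

// Input validation as a second layer: string only, bounded length (assumed
// limit), no control characters. Encoding on output is still required.
function validate_title($raw): ?string
{
    if (!is_string($raw) || strlen($raw) > 200) return null;
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) return null;
    return $raw;
}

// Attribute names the HTML parser sees on the rendered <input> element.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $a) {
        $names[] = $a->nodeName;
    }
    return $names;
}

// Constructed, benign probe: a double quote followed by an extra attribute.
$title = validate_title('x" data-probe="1') ?? '';
foreach (['unsafe' => render_unsafe($title), 'encoded' => render_encoded($title)] as $label => $html) {
    printf("%-8s %s\n         attributes: %s\n", $label, $html, implode(', ', attribute_names($html)));
}
```

In the unencoded output the probe closes the value attribute and data-probe appears as a separate attribute; in the encoded output the quote becomes &quot; and the element keeps only type, name and value.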

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2021-45843

Affected Products: Glfusion Cms