CVE-2013-20006

Name of the Vulnerable Software and Affected Versions Qool CMS (affected versions not specified)

Description Qool CMS has multiple persistent cross-site scripting issues in several administrative scripts. The application does not properly sanitize POST parameters before storing and returning them to users. This allows attackers to inject malicious JavaScript code through parameters such as title, name, email, username, link, and task. The injection can occur in the following API endpoints: addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.