Drake.CMS.UI.DTA.PHP.XSS

Description

This indicates a cross-site scripting (XSS) vulnerability in Drake CMS. The issue is due to input validation errors in the "admin/classes/ui.dta.php" script when processing the "desc[][title]" parameter. It allows remote attackers to inject arbitrary web scripts or HTML.

Affected Products

Drake CMS 0.3.7 Beta
Drake CMS 0.3.7

Impact

System compromise.

Recommended Actions

We are currently not aware of any officially supplied fix for this issue.
Vendor's Web Site:

Coverage

IPS (Regular DB)
IPS (Extended DB)