Drake.CMS.UI.DTA.PHP.XSS
Description
This indicates a Cross-site scripting (XSS) vulnerability in Drake CMS. This issue due to input validation errors in the "admin/classes/ui.dta.php" scripts when processing the "desc[][title]" parameter. It allows remote attackers to inject arbitrary web scripts or HTML.
Affected Products
Drake CMS 0.3.7 Beta
Drake CMS 0.3.7
Impact
System compromise.
Recommended Actions
Currently we are not aware of any official supplied fix for issue.
Vendor's Web Site:
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |