Intrusion Prevention

Drake.CMS.UI.DTA.PHP.XSS

Description

This indicates a cross-site scripting (XSS) vulnerability in Drake CMS. The issue is due to input validation errors in the "admin/classes/ui.dta.php" script when processing the "desc[][title]" parameter. It allows remote attackers to inject arbitrary web script or HTML.

Affected Products

Drake CMS 0.3.7 Beta
Drake CMS 0.3.7

Impact

System compromise.

Recommended Actions

Currently we are not aware of any officially supplied fix for this issue.
Vendor's Web Site: http://www.drakecms.org/.

CVE References

CVE-2007-1848