vendor:
Orbis CMS
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: Orbis CMS
Affected Version From: 1.0.2
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Cross-Site Scripting in Orbis CMS
The Orbis CMS is vulnerable to a cross-site scripting (XSS) vulnerability due to improper input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user-supplied input before using it in the application. Implementing a Content Security Policy (CSP) can also help prevent XSS attacks.