CompactCMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied script code may be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. CompactCMS 1.4.1 is vulnerable other versions may also be affected.

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

• http://www.compactcms.nl
• https://www.securityfocus.com/bid/45819

---

Updated on 2015-03-25