Drimo Cms
Monthly
Reflected XSS in DRIMO CMS search functionality allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by tricking them into clicking a specially crafted URL containing a malicious payload in the `q` parameter. All versions are affected via the CPE wildcard (cpe:2.3:a:drimo:drimo_cms:*), and the product has been declared End of Life - no security patch will be issued. The sole vendor-acknowledged mitigation, confirmed by CERT-PL, is deletion of the `info.php` file; no public exploit code or KEV listing has been identified at time of analysis.
Reflected XSS in DRIMO CMS search functionality allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by tricking them into clicking a specially crafted URL containing a malicious payload in the `q` parameter. All versions are affected via the CPE wildcard (cpe:2.3:a:drimo:drimo_cms:*), and the product has been declared End of Life - no security patch will be issued. The sole vendor-acknowledged mitigation, confirmed by CERT-PL, is deletion of the `info.php` file; no public exploit code or KEV listing has been identified at time of analysis.