Falt4Extreme contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate 'handler' variables upon submission to the 'index.php' script. This could allow an attacker to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version RC4 after 2007-12-10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Vendor Specific News/Changelog Entry: http://sourceforge.net/forum/forum.php?forum_id=762931
Secunia Advisory ID: 28045
Other Advisory URL: http://www.h-labs.org/blog/2007/12/05/falt4_cms_security_report_advisory.html
Generic Exploit URL: http://www.milw0rm.com/exploits/4711
CVE ID: CVE-2007-6310
Bugtraq ID: 26786