CVE-2014-8304

Cross-site scripting XSS vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the nexttemplate parameter to admin/index.php...