CVE-2016-7813

DERAEMON-CMS contains a cross-site scripting vulnerability (CWE-79) in install.php affecting version 0.8.9 and earlier. The flaw arises from processing the parameters hostname, database and username, allowing remote attackers to inject arbitrary web script or HTML, which can execute in the victim...