CVE-2012-4901 Information

Description

Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php.

Reference

http://osvdb.org/85895 http://www.securityfocus.com/bid/55766 https://www.exploit-db.com/exploits/21742/ https://www.htbridge.com/advisory/HTB23115