CVE-2014-8304 Information

Description

Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php.

Reference

http://seclists.org/fulldisclosure/2014/Sep/54 http://websecurity.com.ua/7276