The host is running Wiccle Web Builder or iWiccle CMS Community Builder and is prone to multiple cross site scripting vulnerabilities.

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected application/site. Impact Level: Application

Upgrade to Wiccle Web Builder CMS version 1.1.0 or later, For updates refer to http://www.wiccle.com/page/download_wiccle Upgrade to iWiccle CMS Community Builder version 1.3.0 or later, For updates refer to http://www.wiccle.com/page/download_iwiccle

The flaws are caused by improper validation of user-supplied input passed via the 'member_city', 'post_name', 'post_text', 'post_tag', 'post_member_name', 'member_username' and 'member_tags' parameters to 'index.php', that allows attackers to execute arbitrary HTML and script code on the web server.

Wiccle Web Builder CMS version 1.0.1 and prior. iWiccle CMS Community Builder version 1.2.1.1 and prior.

• http://www.wiccle.com/news/backstage_news/iwiccle/post/iwiccle_cms_community_builder_130_releas
• http://xforce.iss.net/xforce/xfdb/62726

---

Updated on 2017-03-28