Published: 2017/05/11  Last Updated: 2017/05/11

Information from Nippon Institute of Agroinformatics Ltd.

Vulnerability ID:JVN#51978169
Title:The installer of SOY CMS vulnerable to cross-site scripting

This is a statement from the vendor itself with no modification by JPCERT/CC.

An installer of SOY CMS has XSS vulnerability.

Affected version: 1.8.12 and lower

Fixed version: 1.8.13 (published on 19th April, 2017)

1. Update to the fixed version.
2. Delete an installer after you have installed SOY CMS.

Other information
1. If you have already delete an installer, there is no vulnerability relating this issue.
2. This vulnerability is not an vulnerability of SOY CMS itself.