Impact
DRIMO CMS is vulnerable to reflected XSS through the q query string, an attacker can cause the victim’s browser to execute the code when the crafted URL is visited. The weakness permits client‑side script execution but does not grant access to server resources. This flaw is classified as CWE‑79.
Affected Systems
The vulnerability exists in DRIMO CMS from the vendor DRIMO. No specific product versions are listed, and the CMS is in an End‑of‑Life phase, meaning no security updates will be provided. The only remedial measure documented is the deletion of the info.php file, where the vulnerable search endpoint resides.
Risk and Exploitability
The CVSS score of 5.1 rates the vulnerability as moderate severity. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. The vulnerability description does not state authentication requirements, so it is inferred that no authentication or privileged state is required. Nevertheless, all installations of this EOL product remain at risk for client‑side script execution.
OpenCVE Enrichment