Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email (required) fields.Referenceshttp://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/73738http://packetstormsecurity.org/files/110524/Webfolio-CMS-1.1.4-Cross-Site-Scripting.htmlhttp://www.securityfocus.com/bid/52335
