Overview :
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.
Affected Product(s) :
  • Wolf CMS 0.75 and earlier
Vulnerability Details :
CVE ID : CVE-2012-1932
Wolfcms 0.75 (and lower) is prone to a persistent XSS vulnerability due to an improper input sanitization of
“setting[admin_email]” parameter, passed to server side logic (path: “wolfcms/admin/setting”) via http POST method.
Exploiting this vulnerability an authenticated admin could insert arbitrary code in “Site email” field which will be executed
when another admin clicks on “Administrator” tab.

Solution :

latest version will fix the vuln