A vulnerability has been identified in ReloadCMS, which may be exploited by attackers to execute arbitrary scripting code. This flaw is due to an input validation error in the administrative interface that does not validate the "User-Agent" header before it is displayed by the statistics module, which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site.
ReloadCMS version 1.2.5 and prior
HTML or php code injection.
Currently we are not aware of any vendor-supplied patches for this issue.