Akobook · Akobook · CVE-2007-4745
Name of the Vulnerable Software and Affected Versions:
AkoBook versions 3.42 and earlier
Description:
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via JavaScript events in the `gbmail` and `gbpage` parameters in the sign function.
Recommendations:
For AkoBook versions 3.42 and earlier, update to a version later than 3.42 to resolve the issue. As a temporary workaround, consider restricting access to the sign function to minimize the risk of exploitation. Avoid using the `gbmail` and `gbpage` parameters in the sign function until the issue is resolved.
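The following is an added example, not AkoBook's code, showing the kind of server-side handling that closes this class of bug: allow-list validation of an e-mail field and a homepage field, followed by attribute-safe encoding on output. It is written in Python for illustration; the function names, the strict patterns and the assumption that the two values are rendered as link attributes are all hypothetical.

```python
import html
import re
from urllib.parse import urlsplit

# Strict allow-list patterns (assumption: a guestbook needs only plain addresses and hosts).
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
_HOST_RE = re.compile(r"[A-Za-z0-9.-]+(?::\d{1,5})?")
_UNSAFE_RE = re.compile(r"[\s\"'<>`\x00-\x1f]")  # characters that can end an attribute or tag

def clean_gbmail(raw):
    """Return the address if it matches the strict pattern, else None."""
    value = raw.strip()
    return value if _EMAIL_RE.fullmatch(value) else None

def clean_gbpage(raw):
    """Return an http(s) URL with a plain host name, else None."""
    value = raw.strip()
    if _UNSAFE_RE.search(value):
        return None
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https"):
        return None  # rejects javascript:, data: and scheme-less values
    return value if _HOST_RE.fullmatch(parts.netloc) else None

def attr(value):
    """Encode for a double-quoted HTML attribute or a text node."""
    return html.escape(value, quote=True)

def render_entry_links(gbmail, gbpage):
    """Build the e-mail and homepage links for one entry; invalid fields are dropped."""
    out = []
    mail, page = clean_gbmail(gbmail), clean_gbpage(gbpage)
    if mail:
        out.append('<a href="mailto:{0}">{0}</a>'.format(attr(mail)))
    if page:
        out.append('<a href="{0}" rel="nofollow noopener">{0}</a>'.format(attr(page)))
    return "".join(out)

if __name__ == "__main__":
    # Constructed inputs: an ordinary entry, then values carrying an event-handler attribute.
    print(render_entry_links("alice@example.com", "https://example.com/?a=1&b=2"))
    print(repr(render_entry_links('a@example.com" onmouseover="alert(1)',
                                  'http://example.com/" onmouseover="alert(1)')))
```

Validation and encoding are both applied on purpose: the allow-list rejects values that are not an address or an http(s) URL, and the encoding keeps any value that does pass from closing the attribute it is written into.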