CVE-2002-2171

Name of the Vulnerable Software and Affected Versions: acWEB versions 1.8 through 1.14

Description: The issue allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL. This is a cross-site scripting (XSS) issue.

Recommendations: For acWEB versions 1.8 through 1.14, consider restricting access to URLs that may contain the "%db" request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.