CVE-2002-2350

Name of the Vulnerable Software and Affected Versions Zorum version 2.4

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the class parameter in z user show.php and dbtreelistproperty method.php.

Recommendations For Zorum version 2.4, consider restricting access to the vulnerable class parameter in z user show.php and dbtreelistproperty method.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.