CVE-2005-0336

Name of the Vulnerable Software and Affected Versions EMotion MediaPartner Web Server version 5.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML or web script. This can be demonstrated using a URL containing .. sequences and HTML, resulting in a directory browsing page that does not properly filter the HTML.

Recommendations For EMotion MediaPartner Web Server version 5.0, consider implementing proper HTML filtering for the directory browsing page to prevent arbitrary HTML or web script injection. As a temporary workaround, restrict access to the directory browsing functionality until a proper fix is available.