CVE-2005-1494

Name of the Vulnerable Software and Affected Versions MegaBook versions 2.0 through 2.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The entryid and password parameters are specifically vulnerable to such injections.

Recommendations For MegaBook versions 2.0 and 2.1, avoid using the entryid and password parameters in the admin.cgi until a fix is available. As a temporary workaround, consider restricting access to the admin.cgi to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.