CVE-2005-1634

Name of the Vulnerable Software and Affected Versions JGS-XA JGS-Portal version 3.0.2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including anzahl beitraege to "jgs portal.php", year to "jgs portal statistik.php", year to "jgs portal beitraggraf.php", tag to "jgs portal viewsgraf.php", year to "jgs portal themengraf.php", year to "jgs portal mitgraf.php", id to "jgs portal sponsor.php", or the Accept-Language header to "jgs portal log.php".

Recommendations For JGS-XA JGS-Portal version 3.0.2 and earlier, consider disabling the affected parameters, such as anzahl beitraege, year, tag, and id, until a patch is available. Additionally, restrict access to the Accept-Language header in "jgs portal log.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.