PT-2005-2750 · Bookreview · Bookreview
Lostmon · Published 2005-05-26 · Updated 2008-09-05 · CVE-2005-1782
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
BookReview version 1.0
Description
The issue allows remote attackers to inject arbitrary web script or HTML via several parameters to various pages. Specifically, the node parameter to pages such as "add review.htm", "suggest review.htm", "suggest category.htm", "add booklist.htm", or "add url.htm" is vulnerable. Additionally, the isbn parameter to "add review.htm" and "add contents.htm" and the chapters parameter to the "add contents" page in "index.php" are also affected. The user parameter to "contact.htm" and the submit[string] parameter to "search.htm" are vulnerable as well.
Recommendations
For BookReview version 1.0, as a temporary workaround, consider restricting access to the vulnerable parameters (node, isbn, chapters, user, and submit[string]) until a patch is available. Avoid using these parameters on the affected pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
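No exploit is listed for this advisory. As an added, defensive illustration of the recommendation above (example code, not BookReview's own), the following PHP shows how a page like index.php could whitelist-validate the node, isbn and chapters parameters and HTML-encode the user and submit[string] values before reflecting them; the function names are assumptions, and submit[string] is handled as the nested array PHP builds from that query-string syntax.

```php
<?php
// Added example, not BookReview's own code: defensive handling for the
// parameters named in the advisory. Function names are assumptions.

// Return a value from the request only if it is a plain string; PHP turns
// submit[string]=... into a nested array, so anything non-scalar is rejected.
function scalar_param(array $src, string $key): ?string
{
    return (isset($src[$key]) && is_string($src[$key])) ? $src[$key] : null;
}

// node and chapters are treated as numeric identifiers: digits only.
function valid_id(?string $v): ?int
{
    return ($v !== null && preg_match('/^[0-9]{1,10}$/', $v)) ? (int) $v : null;
}

// isbn: accept 10 or 13 characters (digits, trailing X allowed for ISBN-10)
// after stripping hyphens; anything else is discarded rather than echoed back.
function valid_isbn(?string $v): ?string
{
    if ($v === null) {
        return null;
    }
    $clean = str_replace('-', '', $v);
    return preg_match('/^(?:[0-9]{9}[0-9X]|[0-9]{13})$/', $clean) ? $clean : null;
}

// Free-text values (user, submit[string]) are escaped for an HTML context.
function h(?string $v): string
{
    return htmlspecialchars($v ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$node     = valid_id(scalar_param($_GET, 'node'));
$chapters = valid_id(scalar_param($_GET, 'chapters'));
$isbn     = valid_isbn(scalar_param($_GET, 'isbn'));
$user     = scalar_param($_GET, 'user');
// submit[string] arrives as $_GET['submit']['string'].
$search   = is_array($_GET['submit'] ?? null)
    ? scalar_param($_GET['submit'], 'string') : null;

// Reflect only validated or encoded values; invalid input yields nothing.
echo '<p>Node: ' . ($node ?? '') . '</p>';
echo '<p>Chapters: ' . ($chapters ?? '') . '</p>';
echo '<p>ISBN: ' . h($isbn) . '</p>';
echo '<p>Contact: ' . h($user) . '</p>';
echo '<input name="submit[string]" value="' . h($search) . '">';
```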
Related Identifiers
Affected Products
Bookreview