CVE-2005-2324

Name of the Vulnerable Software and Affected Versions Clever Copy versions 2.0 through 2.0a

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to API endpoints such as "results.php" or "categorysearch.php".

Recommendations For Clever Copy versions 2.0 through 2.0a, as a temporary workaround, consider restricting access to the "results.php" and "categorysearch.php" API endpoints until a patch is available. Avoid using the searchtype and searchterm parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.