CVE-2005-2698

Name of the Vulnerable Software and Affected Versions Nephp Publisher Enterprise version 3.04

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via a hex-encoded keywords parameter in the browse.php file.

Recommendations For Nephp Publisher Enterprise version 3.04, update the software to a version that fixes this issue, or as a temporary workaround, consider restricting access to the browse.php file to minimize the risk of exploitation. Avoid using the keywords parameter in the affected endpoint until the issue is resolved.