CVE-2005-2886

Name of the Vulnerable Software and Affected Versions MAXdev MD-Pro versions 1.0.73 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several parameters, including the print parameter to the print module, the sitename parameter to the bb smilies or bbcode ref module, or the hlpfile parameter to openwindow.php.

Recommendations For MAXdev MD-Pro versions 1.0.73 and earlier, consider disabling the print module, bb smilies, bbcode ref module, and restricting access to openwindow.php until a patch is available. Avoid using the print, sitename, and hlpfile parameters in the affected modules and API endpoints until the issue is resolved.