CVE-2005-3520

Name of the Vulnerable Software and Affected Versions MySource version 2.14.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several parameters in different PHP files, including target url in "upgrade in progress backend.php", stylesheet in "edit table cell type wysiwyg.php", and bgcolor in multiple files such as "insert table.php", "edit table cell props.php", "header.php", "edit table row props.php", and "edit table props.php".

Recommendations For MySource version 2.14.0, as a temporary workaround, consider restricting access to the vulnerable parameters target url, stylesheet, and bgcolor in the respective PHP files until a patch is available. Avoid using these parameters in the affected API endpoints or PHP files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.