CVE-2005-4136

Name of the Vulnerable Software and Affected Versions DRZES HMS version 3.2

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter in the "login.php" file.

Recommendations For DRZES HMS version 3.2, update the login.php file to properly sanitize the customerEmailAddress parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the login.php file until a patch is available.