CVE-2005-4231

Name of the Vulnerable Software and Affected Versions Link Up Gold versions 2.5 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the link parameter to "tell friend.php", the phrase[] parameter to "search.php" in a "search links advanced" action, and the direction or sort parameter to "articles.php".

Recommendations For Link Up Gold versions 2.5 and earlier, as a temporary workaround, consider restricting access to the "tell friend.php", "search.php", and "articles.php" scripts until a patch is available. Avoid using the link, phrase[], direction, and sort parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.