CVE-2005-4367

Name of the Vulnerable Software and Affected Versions DRZES HMS version 3.2 CONTROLzx version 3.3.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the Domain Availability field.

Recommendations For DRZES HMS version 3.2, avoid using the vulnerable search parameters until a fix is available. For CONTROLzx version 3.3.4, restrict access to the register domain.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.