CVE-2005-4489

Name of the Vulnerable Software and Affected Versions Scoop versions 1.1 RC1 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the type and count parameters, and the query string in a story.

Recommendations For Scoop versions 1.1 RC1 and earlier, avoid using the type and count parameters, and restrict access to the query string in a story until a fix is available. As a temporary workaround, consider validating and sanitizing user input for these parameters to minimize the risk of exploitation.