CVE-2005-4490

Name of the Vulnerable Software and Affected Versions SCOOP! versions 2.3 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters to different ASP pages, including articleSearch.asp, lostPassword.asp, account login.asp, category.asp, articleZone.asp, prePurchaserRegistration.asp, and requestDemo.asp. The vulnerable parameters include keyword, username, Username, Password, area, articleZoneID, and r.

Recommendations For SCOOP! versions 2.3 and earlier, update to a version later than 2.3 to resolve the issue. As a temporary workaround, consider restricting access to the affected ASP pages until a patch is available. Avoid using invalid parameters in the affected API endpoints until the issue is resolved.