CVE-2007-0119

Name of the Vulnerable Software and Affected Versions EditTag version 1.2

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the plain parameter to specific API endpoints: "mkpw mp.cgi", "mkpw.pl", or "mkpw.cgi".

Recommendations For EditTag version 1.2, as a temporary workaround, consider restricting access to the plain parameter in the affected API endpoints until a patch is available. Avoid using the plain parameter in the "mkpw mp.cgi", "mkpw.pl", or "mkpw.cgi" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.