CVE-2007-0407

Name of the Vulnerable Software and Affected Versions WebGUI versions prior to 7.3.5 (beta)

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration. This is a different attack vector.

Recommendations For versions prior to 7.3.5 (beta), update to version 7.3.5 (beta) or later to resolve the issue. As a temporary workaround, consider restricting access to anonymous registration or validating and sanitizing the username parameter to prevent malicious input.