CVE-2007-1028

Name of the Vulnerable Software and Affected Versions: Barry Jaspan Image Pager versions 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08

Description: The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via unspecified vectors related to HTML entities and the IMG element.

Recommendations: For Barry Jaspan Image Pager versions 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08, update to a version released after 2007-02-08 to resolve the issue. As a temporary workaround, consider restricting the use of HTML entities and the IMG element in the module until a patch is available.