CVE-2007-1646

Name of the Vulnerable Software and Affected Versions: SubHub version 2.3.0

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the searchtext parameter to the "/search" API endpoint, or the message parameter to the "/calendar" or "/subscribe" API endpoints.

Recommendations: For SubHub version 2.3.0, consider restricting access to the vulnerable API endpoints "/search", "/calendar", and "/subscribe" until a patch is available. As a temporary workaround, avoid using the searchtext and message parameters in these endpoints to minimize the risk of exploitation.