CVE-2007-1939

Name of the Vulnerable Software and Affected Versions LanguageTool versions prior to 0.8.9

Description A cross-site scripting (XSS) issue exists in the embedded webserver of LanguageTool, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving an error message or the demultiplex method in HTTPServer.java.

Recommendations For versions prior to 0.8.9, update to version 0.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded webserver to minimize the risk of exploitation.