CVE-2007-2071

Name of the Vulnerable Software and Affected Versions Open-gorotto versions 2.0a 2006/02/08 edition through 2006/04/07 edition

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to various API endpoints, including (1) "pub/modules/d/ top.html", (2) "/pub/modules/a/ access.html", (3) " circletop.html" or (4) " cir66.html" in "pub/modules/ci/", or (5) " fri66.html", (6) " inv66.html", (7) " top.html", (8) " friends.html", or (9) " fri33.html" in "pub/modules/f/".

Recommendations For Open-gorotto versions 2.0a 2006/02/08 edition through 2006/04/07 edition, consider updating to a version released after 20070416 to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints until a patch is available. Avoid using unspecified parameters in the affected API endpoints until the issue is resolved.