CVE-2007-2579

Name of the Vulnerable Software and Affected Versions ACP3 version 4.0 beta 3

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters in different files, including the form[mail] parameter to "contact/contact/index.php", the form[mods][] or form[search term] parameter to "search/list/action search/index.php", the id parameter to "modules/dl/download.php", the form[cat] parameter to "news/list/index.php", the form[cat], form[name], or form[message] parameter to certain "news/details/id */action create/index.php" files, or the form[mail] parameter to "newsletter/create/index.php".

Recommendations As a temporary workaround, consider restricting access to the vulnerable parameters, such as form[mail], form[mods][], form[search term], id, form[cat], form[name], and form[message], until a patch is available. Additionally, avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.