CVE-2007-3596

Name of the Vulnerable Software and Affected Versions phpVideoPro versions prior to 0.8.8

Description The issue in phpVideoPro allows non-alphanumeric characters in the sess id parameter, which may lead to remote attacks, possibly including cross-site scripting (XSS).

Recommendations For versions prior to 0.8.8, update to version 0.8.8 or later to resolve the issue. As a temporary workaround, consider restricting the sess id parameter to only allow alphanumeric characters until a patch is applied.