PT-2007-5057 · Citadel · Webcit

Published: 2007-07-17 · Updated: 2018-10-15 · CVE-2007-3822

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Webcit versions prior to 7.11
Description: The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The vulnerable parameters include the who parameter to showuser, as well as other vectors related to calendar mode, bulletin board mode, room names, and uploaded file names.
Recommendations: For versions prior to 7.11, update to version 7.11 or later to resolve the issue. As a temporary workaround, consider restricting user input for the who parameter and limiting access to calendar mode, bulletin board mode, and uploaded files until the update is applied. Avoid using potentially malicious room names and uploaded file names until the issue is resolved.

Related identifiers

CVE-2007-3822

Affected products

Webcit