CVE-2007-3910

Name of the Vulnerable Software and Affected Versions: Bandersnatch version 0.4

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs.

Recommendations: For Bandersnatch version 0.4, consider disabling the storage of Jabber resource names and other potentially vulnerable data items in conversation logs until a patch is available. Restrict access to conversation logs to minimize the risk of exploitation.