CVE-2007-4281

Name of the Vulnerable Software and Affected Versions KnowledgeTree Open Source versions 3.4 through 3.4.1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the login field on the login page. This can be achieved through unspecified vectors, in addition to the login field.

Recommendations For KnowledgeTree Open Source versions 3.4 through 3.4.1, consider restricting access to the login page until a fix is available. As a temporary workaround, avoid using the login field with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.