CVE-2007-4542

Name of the Vulnerable Software and Affected Versions MapServer versions prior to 4.10.3

Description The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This is achieved through unspecified vectors involving the processLine function in maptemplate.c and the writeError function in mapserv.c in the mapserv CGI program.

Recommendations For versions prior to 4.10.3, update to version 4.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the mapserv CGI program to minimize the risk of exploitation.