CVE-2007-5112

Name of the Vulnerable Software and Affected Versions Google Urchin versions 5.7.03 and earlier

Description A cross-site scripting (XSS) issue exists in the session.cgi (login page) that allows remote attackers to inject arbitrary web script or HTML via the query string. This can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.

Recommendations For Google Urchin versions 5.7.03 and earlier, update to a version later than 5.7.03 to resolve the issue. As a temporary workaround, consider restricting access to the session.cgi page until a patch is available. Avoid using the query string in the login page until the issue is resolved.