CVE-2007-5426

Name of the Vulnerable Software and Affected Versions: ActiveKB NX version 2.5.4

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories. This is demonstrated by exploiting the ActiveKB/ and default/categories/ActiveKB/ directories.

Recommendations: For ActiveKB NX version 2.5.4, consider restricting access to the vulnerable directories until a patch is available. As a temporary workaround, avoid using the page parameter in the affected API endpoints.