CVE-2007-6001

Name of the Vulnerable Software and Affected Versions Bandersnatch version 0.4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The affected parameters include func, date, and jid in certain actions such as log or user actions.

Recommendations For Bandersnatch version 0.4, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the func, date, and jid parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.