CVE-2007-6374

Name of the Vulnerable Software and Affected Versions Bitweaver versions 2.0.0 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved by manipulating the PATH INFO to specific PHP files, such as users/register.php or search/index.php, or by using an editcomments action in wiki/index.php or forums/index.php.

Recommendations For Bitweaver versions 2.0.0 and earlier, consider restricting access to the vulnerable PHP files, such as users/register.php, search/index.php, wiki/index.php, and forums/index.php, until a fix is available. As a temporary workaround, avoid using the editcomments action in wiki/index.php and forums/index.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.