CVE-2008-0540

Name of the Vulnerable Software and Affected Versions trixbox version 2.4.2.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the query string to specific API endpoints, such as "index.php" in the "user/" or "maint/" directories.

Recommendations For trixbox version 2.4.2.0, consider restricting access to the "index.php" file in the "user/" and "maint/" directories until a patch is available. As a temporary workaround, avoid using the query string in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.