CVE-2008-1560

Name of the Vulnerable Software and Affected Versions DigiDomain version 2.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the domain parameter to the "lookup result.asp" API endpoint, and the word1 and word2 parameters to the "suggest result.asp" API endpoint.

Recommendations For DigiDomain version 2.2, consider disabling access to the "lookup result.asp" and "suggest result.asp" API endpoints until a patch is available. As a temporary workaround, restrict the use of the domain, word1, and word2 parameters in these endpoints to minimize the risk of exploitation.