CVE-2008-1839

Name of the Vulnerable Software and Affected Versions WORK system e-commerce version 4.0.9

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the day, month, and year parameters in the module/main.php file.

Recommendations For version 4.0.9, avoid using the day, month, and year parameters in the module/main.php file until a fix is available. As a temporary workaround, consider restricting access to the module/main.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.