CVE-2008-2037

Name of the Vulnerable Software and Affected Versions EditeurScripts EsContacts version 1.0

Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This is achieved via the msg parameter to several API endpoints, including "login.php", "importer.php", "add groupe.php", "contacts.php", "groupes.php", and "search.php".

Recommendations For EditeurScripts EsContacts version 1.0, consider restricting access to the msg parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the msg parameter in the "login.php", "importer.php", "add groupe.php", "contacts.php", "groupes.php", and "search.php" endpoints to minimize the risk of exploitation.