CVE-2008-2202

Name of the Vulnerable Software and Affected Versions: Maian Uploader version 4.0

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through several parameters, including the keywords parameter to "upload/admin/index.php" in a search action, the msg charset and msg header9 parameters to "admin/inc/header.php", and the keywords parameter to "index.php" in a search action.

Recommendations: For Maian Uploader version 4.0, update the software to a version that addresses these XSS vulnerabilities, ensuring that the keywords, msg charset, and msg header9 parameters are properly sanitized to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the affected "upload/admin/index.php", "admin/inc/header.php", and "index.php" endpoints until a patch is available.