CVE-2008-3100

Name of the Vulnerable Software and Affected Versions: Owl Intranet Knowledgebase versions 0.95 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter in a "getpasswd" action to "register.php". This is a cross-site scripting (XSS) issue.

Recommendations: For versions 0.95 and earlier, as a temporary workaround, consider restricting access to the "register.php" endpoint or validating and sanitizing the username parameter to prevent injection of malicious scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.