CVE-2008-3565

Name of the Vulnerable Software and Affected Versions Meeting Room Booking System (MRBS) version 1.2.6

Description The issue allows remote attackers to inject arbitrary web script or HTML via the area parameter to several API endpoints, including "day.php", "week.php", "month.php", "search.php", "report.php", and "help.php".

Recommendations For Meeting Room Booking System (MRBS) version 1.2.6, consider restricting access to the vulnerable API endpoints until a patch is available. As a temporary workaround, avoid using the area parameter in the affected endpoints to minimize the risk of exploitation.