CVE-2008-3679

Name of the Vulnerable Software and Affected Versions IDevSpot PhpLinkExchange version 1.01

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the catid parameter in various actions, such as user add, recip, tellafriend, or contact, or in a request without an action. Additionally, the id parameter in a tellafriend action is also vulnerable.

Recommendations For IDevSpot PhpLinkExchange version 1.01, consider restricting access to the catid and id parameters in the affected actions until a patch is available. As a temporary workaround, avoid using the catid parameter in a request without an action and the id parameter in a tellafriend action.