CVE-2008-3735

Name of the Vulnerable Software and Affected Versions PHPizabi versions prior to 848 Core HotFix Pack 3

Description The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the query parameter in a "blogs.search" action.

Recommendations For versions prior to 848 Core HotFix Pack 3, update to 848 Core HotFix Pack 3 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or disabling the blogs.search action until a patch is applied. Avoid using the query parameter in the affected action until the issue is resolved.