CVE-2008-3849

Name of the Vulnerable Software and Affected Versions Civic Website Manager versions prior to 1.0.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. The attack probably involves the month, day, and year fields.

Recommendations For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting user input for the month, day, and year fields to minimize the risk of exploitation.