CVE-2008-3941

Name of the Vulnerable Software and Affected Versions BizDirectory versions 2.04 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI. This could potentially lead to unauthorized actions on the affected system.

Recommendations For BizDirectory versions 2.04 and earlier, update to a version later than 2.04 to resolve the issue. As a temporary workaround, consider restricting access to the search action or validating and sanitizing the page parameter to prevent malicious input.