CVE-2008-4426

Name of the Vulnerable Software and Affected Versions: Phlatline's Personal Information Manager (pPIM) version 1.0

Description: The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action. This occurs in the events.php file.

Recommendations: For version 1.0, avoid using the date parameter in the new action until the issue is resolved. As a temporary workaround, consider restricting access to the events.php file to minimize the risk of exploitation.