CVE-2008-5566

Name of the Vulnerable Software and Affected Versions Triangle Solutions PHP Multiple Newsletters version 2.7

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the PATH INFO in the index.php file.

Recommendations For version 2.7, update to a newer version that addresses this issue, as using the PATH INFO in index.php can lead to the injection of malicious scripts. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.