CVE-2008-5786

Name of the Vulnerable Software and Affected Versions Silva versions prior to 1.6.3.2 Silva 2.0 versions prior to 2.0.12.2 Silva 2.1 versions prior to 2.1.0.2 Silva Find extension version 1.1.5 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter. This could potentially lead to unauthorized actions on behalf of the user.

Recommendations For Silva versions prior to 1.6.3.2, update to version 1.6.3.2 or later. For Silva 2.0 versions prior to 2.0.12.2, update to version 2.0.12.2 or later. For Silva 2.1 versions prior to 2.1.0.2, update to version 2.1.0.2 or later. For Silva Find extension version 1.1.5 and earlier, update to a version later than 1.1.5. As a temporary workaround, consider restricting access to the fulltext parameter to minimize the risk of exploitation.