CVE-2008-5933

Name of the Vulnerable Software and Affected Versions CMS ISWEB version 3.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via the strcerca parameter or the id oggetto parameter in index.php, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For CMS ISWEB version 3.0, consider restricting input for the strcerca and id oggetto parameters to prevent arbitrary web script or HTML injection until a patch is available. As a temporary workaround, restrict access to the index.php file to minimize the risk of exploitation.