CVE-2008-6400

Name of the Vulnerable Software and Affected Versions: refbase versions prior to 0.9.5

Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to API endpoints such as "show.php" and "search.php".

Recommendations: For versions prior to 0.9.5, update to version 0.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "show.php" and "search.php" API endpoints or avoiding the use of the headerMsg parameter until the issue is resolved.