CVE-2008-6571

Name of the Vulnerable Software and Affected Versions LinPHA versions prior to 1.3.4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities might allow remote attackers to inject arbitrary web script or HTML via certain API endpoints, such as "new images.php" and "login.php", and unspecified vectors.

Recommendations For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "new images.php" and "login.php" endpoints until a patch is available. Avoid using these endpoints in a way that could allow arbitrary web script or HTML injection until the issue is resolved.