CVE-2008-6700

Name of the Vulnerable Software and Affected Versions Butterfly Organizer version 2.0.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. This is achieved through several API endpoints, including "view.php", "viewdb2.php", "category-rename.php", and "module-contacts.php", by manipulating the mytable, tablehere, and letter parameters.

Recommendations For Butterfly Organizer version 2.0.0, as a temporary workaround, consider restricting access to the vulnerable API endpoints "view.php", "viewdb2.php", "category-rename.php", and "module-contacts.php" until a patch is available. Avoid using the mytable, tablehere, and letter parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.