CVE-2008-6838

Name of the Vulnerable Software and Affected Versions: Zoph version 0.7.2.1

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the off parameter in the search.php file.

Recommendations: For Zoph version 0.7.2.1, consider restricting access to the search.php file until a patch is available. As a temporary workaround, avoid using the off parameter in the search.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.