CVE-2008-7043

Name of the Vulnerable Software and Affected Versions Fresh Email Script versions 1.0 through 1.11

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the Email parameter in the register.php file. It can be leveraged to modify cookies and conduct session fixation attacks.

Recommendations For versions 1.0 through 1.11, update the register.php file to properly sanitize the Email parameter to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the register.php file until a patch is available.