PT-2009-3178 · Sajax · Sajax

Published: 2009-02-11 · Updated: 2009-02-12 · CVE-2009-0525

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Sajax version 0.12
Description: A cross-site scripting issue exists due to improper handling of the URL parameter in the sajax_get_common_js function within php/Sajax.php. This allows remote attackers to inject arbitrary web script or HTML, particularly when using browsers that do not URL-encode requests.
Recommendations: For Sajax version 0.12, consider disabling the sajax_get_common_js function as a temporary workaround until a patch is available. Restrict access to the php/Sajax.php file to minimize the risk of exploitation. Avoid using the URL parameter in affected browsers until the issue is resolved.
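The pattern the description and recommendations refer to, as an added illustration that is not Sajax's own code: a PHP helper that emits client-side JavaScript carrying the current request URL, once without output encoding and once with encoding for the JavaScript-string context, plus a check a reviewer can run over the generated markup. The function names, the variable name sajax_uri, the sample request path and which server variable the URL is read from are assumptions, not details taken from the advisory.

```php
<?php
// Added illustration, not Sajax's own code. Function names, the variable name
// sajax_uri and the sample path are assumptions; the advisory does not state
// which server variable the URL was read from, so a literal path stands in.

// Vulnerable pattern: the raw request URI is concatenated into generated
// JavaScript. A '"', '<' or '>' that the browser sends unencoded in the URL
// lands in the page verbatim and can end the string literal or the script.
function emit_common_js_vulnerable(string $request_uri): string
{
    return "<script type=\"text/javascript\">\n"
         . "var sajax_uri = \"" . $request_uri . "\";\n"
         . "</script>\n";
}

// Hardened pattern: emit the value as a JavaScript string literal built by
// json_encode(). The JSON_HEX_* flags turn quotes, '&', '<' and '>' into
// \uXXXX escapes, so the literal can neither close the string nor form a tag.
function emit_common_js_hardened(string $request_uri): string
{
    $literal = json_encode(
        $request_uri,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES
    );
    if ($literal === false) {      // invalid UTF-8 in the URI: emit an empty value
        $literal = '""';
    }
    return "<script type=\"text/javascript\">\n"
         . "var sajax_uri = " . $literal . ";\n"
         . "</script>\n";
}

// Review check: does the generated assignment still carry a raw quote or
// angle bracket inside the string value? True means the output is injectable.
function has_raw_breakout(string $html): bool
{
    if (!preg_match('/var sajax_uri = "(.*)";/', $html, $m)) {
        return true;               // unexpected shape: treat as unsafe
    }
    return preg_match('/["<>]/', $m[1]) === 1;
}

// Constructed request path with characters some browsers leave unencoded.
$sample = '/demo.php?q="<b>';
echo 'vulnerable helper: ', has_raw_breakout(emit_common_js_vulnerable($sample)) ? 'raw breakout' : 'clean', "\n";
echo 'hardened helper:   ', has_raw_breakout(emit_common_js_hardened($sample)) ? 'raw breakout' : 'clean', "\n";
```

The same check can be pointed at the markup a real installation returns to confirm that whatever fix is applied encodes the URL for the context it is written into, not only for HTML.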

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2009-0525

Affected Products: Sajax