CVE-2009-1811

Name of the Vulnerable Software and Affected Versions: myGesuad version 0.9.14

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters in different modules, including the Page parameter in a List action to "modules/ereignis.php", the Kontext parameter in a Search action to "modules/kategorie.php", the image parameter to "modules/image.php", or the ID parameter in a Detail action to "modules/sitzung.php".

Recommendations: For myGesuad version 0.9.14, consider disabling the affected modules (ereignis.php, kategorie.php, image.php, sitzung.php) until a patch is available. Restrict access to these modules to minimize the risk of exploitation. Avoid using the parameters Page, Kontext, image, and ID in the respective API endpoints until the issue is resolved.