CVE-2009-2141

Name of the Vulnerable Software and Affected Versions TBDev.NET version 01-01-08

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through several means, including the returnto parameter to makepoll.php, the returnto parameter in a delete action to polls.php, or the Info or Avatar field to my.php.

Recommendations For TBDev.NET version 01-01-08, consider validating and sanitizing user input for the returnto parameter in makepoll.php and polls.php, as well as the Info and Avatar fields in my.php to prevent XSS attacks. As a temporary workaround, restrict access to these parameters and fields until a proper fix is applied.