CVE-2009-2437

Name of the Vulnerable Software and Affected Versions Rentventory version 1.0.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via the username and password parameters in a login action, potentially leading to cross-site scripting (XSS) attacks. This could enable attackers to execute malicious scripts on the victim's browser.

Recommendations For Rentventory version 1.0.1, consider restricting access to the login action until a patch is available, and avoid using the username and password parameters in the login action to minimize the risk of exploitation.