CVE-2009-3359

Name of the Vulnerable Software and Affected Versions Match Agency BiZ version 1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the important parameter to "edit profile.php" and the pid parameter to "report.php".

Recommendations For Match Agency BiZ version 1.0, as a temporary workaround, consider restricting access to the "edit profile.php" and "report.php" scripts until a patch is available. Avoid using the important parameter in "edit profile.php" and the pid parameter in "report.php" until the issue is resolved.