CVE-2009-3450

Name of the Vulnerable Software and Affected Versions RADactive I-Load versions prior to 2008.2.5.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the WebCoreModule.ashx component. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with (underscore underscore) sequences. This is possible because these sequences are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.

Recommendations For versions prior to 2008.2.5.0, update to version 2008.2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to parameters with names beginning with sequences in the WebCoreModule.ashx component to minimize the risk of exploitation.