CVE-2009-3512

Name of the Vulnerable Software and Affected Versions MyWeight version 1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several parameters, including the date parameter to "user addfood.php", info parameter to "user forgot pwd form.php" and "user login.php", and the return parameter to "user login.php".

Recommendations For MyWeight version 1.0, consider restricting access to the vulnerable parameters, such as date, info, and return, in the affected API endpoints until a patch is available. As a temporary workaround, avoid using these parameters in "user addfood.php", "user forgot pwd form.php", and "user login.php" to minimize the risk of exploitation.