CVE-2009-3593

Name of the Vulnerable Software and Affected Versions Freelancers version 1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the id parameter to "placebid.php" and the jobid parameter to "post resume.php" are vulnerable.

Recommendations For Freelancers version 1.0, consider restricting access to the "placebid.php" and "post resume.php" scripts until a fix is available. As a temporary workaround, avoid using the id parameter in "placebid.php" and the jobid parameter in "post resume.php" to minimize the risk of exploitation.