CVE-2009-3905

Name of the Vulnerable Software and Affected Versions e-Courier CMS (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the UserGUID parameter to various API endpoints, including "Wizard tracking.asp", "wizard oe2.asp", "your-register.asp", "main-whyregister.asp", and "your.asp" in the home/ directory, as well as other unspecified vectors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.