CVE-2009-4523

Name of the Vulnerable Software and Affected Versions Zainu version 1.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a "SearchSong" action. This occurs in the index.php file.

Recommendations For Zainu version 1.0, avoid using the searchSongKeyword parameter in the affected SearchSong action until the issue is resolved. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.