CVE-2009-4567

Name of the Vulnerable Software and Affected Versions Viscacha version 0.8 Gold

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via the skype, yahoo, aol, msn, or jabber parameter in a profile2 action in the editprofile.php file.

Recommendations For Viscacha version 0.8 Gold, as a temporary workaround, consider restricting access to the editprofile.php file until a patch is available, and avoid using the parameters skype, yahoo, aol, msn, or jabber in the profile2 action. At the moment, there is no information about a newer version that contains a fix for this issue.