CVE-2010-2155

Name of the Vulnerable Software and Affected Versions ZoneCheck version 2.1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection vectors are related to xmlnode.value, zc-error text, $zc version, and domainname in a zc-title row.

Recommendations For ZoneCheck version 2.1.0, consider disabling the xmlnode.value, zc-error text, $zc version, and domainname in a zc-title row functionality until a patch is available to prevent exploitation. Restrict access to sensitive areas of the application to minimize the risk of XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.