PT-2019-14683 · Unknown · Broken Link Checker

Published: 2019-10-16 · Updated: 2019-10-18 · CVE-2019-16521

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Broken Link Checker versions through 1.11.8

Description

The issue arises from improper encoding and insertion of an HTTP GET parameter into HTML, leading to Reflected XSS. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request.

Recommendations

For versions through 1.11.8, consider disabling the filter function on the broken links page until a resolution is available, as this product has reached its end-of-life and no further updates are expected.
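
For sites that cannot remove the plugin immediately, the request pattern in the description can be triaged from web server logs. The following is an added example, not code from this advisory or from the plugin: it flags filter_id=search requests whose s_filter value decodes to HTML metacharacters. The combined log format, the placeholder path /wp-admin/EXAMPLE.php, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that must be HTML-encoded before a value is written into markup.
HTML_META = re.compile(r"[<>\"'`]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the path /wp-admin/EXAMPLE.php is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Oct/2019:10:00:01 +0000] "GET /wp-admin/EXAMPLE.php?filter_id=search&s_filter=example.com HTTP/1.1" 200 5120',
    '203.0.113.7 - - [16/Oct/2019:10:00:09 +0000] "GET /wp-admin/EXAMPLE.php?filter_id=search&s_filter=%22%3E%3Cb%3Ex HTTP/1.1" 200 5161',
    '203.0.113.9 - - [16/Oct/2019:10:02:30 +0000] "GET /wp-admin/EXAMPLE.php?filter_id=search&s_filter=%253Cb%253E HTTP/1.1" 200 5140',
    '198.51.100.4 - - [16/Oct/2019:10:05:12 +0000] "GET /wp-admin/EXAMPLE.php?filter_id=all&s_filter=%3Cb%3E HTTP/1.1" 200 5100',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_filter(log_line):
    """Return the decoded s_filter value when a filter_id=search request
    carries HTML metacharacters in s_filter, otherwise None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "search" not in query.get("filter_id", []):
        return None
    for raw in query.get("s_filter", []):
        value = decode_fully(raw)
        if HTML_META.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, start=1)
            if (v := suspicious_search_filter(line)) is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: s_filter={value!r}")
```

A hit is a triage signal for review, since a legitimate search term can also contain a quote character.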

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2019-16521

Affected products

Broken Link Checker