CVE-2002-1334

Name of the Vulnerable Software and Affected Versions: BizDesign ImageFolio versions 3.01 and earlier

Description: A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web script as other users. This can be achieved via the direct parameter in "imageFolio.cgi" or "nph-build.cgi".

Recommendations: For versions 3.01 and earlier, update to a version later than 3.01 to resolve the issue. As a temporary workaround, consider restricting access to the imageFolio.cgi and nph-build.cgi scripts until a patch is available. Avoid using the direct parameter in these scripts until the issue is resolved.