CVE-2002-1965

Name of the Vulnerable Software and Affected Versions Imatix Xitami versions 2.5b4 through 2.5b5

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via Javascript events, such as an onerror event in an IMG SRC tag, or through the User-Agent field in an HTTP GET request.

Recommendations For Imatix Xitami versions 2.5b4 and 2.5b5, consider disabling Javascript events in the Errors.gsl file as a temporary workaround until a patch is available. Restrict access to the User-Agent field in HTTP GET requests to minimize the risk of exploitation.