PT-2003-1607 · Bandmin · Bandmin

Silent Needle · Published 2003-06-11 · Updated 2016-10-18 · CVE-2003-0416

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Bandmin version 1.4
Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to insert arbitrary HTML or script via specific parameters in certain actions. The vulnerable parameters include the year parameter in a "showmonth" action, the month parameter in a "showmonth" action, and the host parameter in a "showhost" action.
Recommendations: For Bandmin version 1.4, as a temporary workaround, consider restricting access to the index.cgi file until a patch is available. Avoid using the year, month, and host parameters in the affected actions until the issue is resolved.

Exploit

Fix


Related Identifiers

CVE-2003-0416

Affected Products

Bandmin