CVE-2003-1285

Name of the Vulnerable Software and Affected Versions Sambar Server versions prior to 6.0 beta 6

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the query string to various API endpoints and scripts, including (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).

Recommendations For Sambar Server versions prior to 6.0 beta 6, update to version 6.0 beta 6 or later to resolve the issue.