CVE-2004-0663

Name of the Vulnerable Software and Affected Versions PowerPortal versions 1.x

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary script or HTML. This can be achieved via the id parameter to the private messages module, the search parameter to the links and content modules, and the files parameter to the gallery module.

Recommendations For PowerPortal version 1.x, as a temporary workaround, consider restricting access to the private messages, links, content, and gallery modules until a patch is available. Avoid using the id, search, and files parameters in the affected modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.