CVE-2004-1630

Name of the Vulnerable Software and Affected Versions OpenWFE versions 1.4.x

Description A cross-site scripting (XSS) issue exists in the login form, allowing remote attackers to execute arbitrary web script or HTML via the url parameter. This can lead to unauthorized actions on the affected system.

Recommendations For OpenWFE version 1.4.x, avoid using the url parameter in the login form until a fix is available. As a temporary workaround, consider restricting access to the login form to minimize the risk of exploitation.