PT-2005-2244 · Freedom Scientific · Jaws
Paulino Calderon
·
Published
2005-04-24
·
Updated
2008-09-05
·
CVE-2005-1231
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
JAWS version 0.4
Description:
A cross-site scripting (XSS) issue exists in the NewTerm function in GlossaryModel.php, allowing remote attackers to inject arbitrary web script or HTML via the
term or description variables.Recommendations:
For JAWS version 0.4, as a temporary workaround, consider disabling the NewTerm function in GlossaryModel.php until a patch is available. Restrict input for the
term and description variables to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jaws