CVE-2005-4239

Name of the Vulnerable Software and Affected Versions PHP JackKnife versions 2.21 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter. This can be exploited by sending malicious input to the Search/DisplayResults.php file.

Recommendations For PHP JackKnife versions 2.21 and earlier, as a temporary workaround, consider restricting access to the Search/DisplayResults.php file or validating and sanitizing the sKeywords parameter to prevent malicious input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.