CVE-2005-4576

Name of the Vulnerable Software and Affected Versions Fatwire UpdateEngine versions 6.2 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the COUNTRYNAME, EMAIL, and FUELAP TEMPLATENAME parameters.

Recommendations For Fatwire UpdateEngine versions 6.2 and earlier, update to a version later than 6.2 to resolve the issue. As a temporary workaround, consider restricting access to the UpdateEngine program to minimize the risk of exploitation. Avoid using the COUNTRYNAME, EMAIL, and FUELAP TEMPLATENAME parameters in the affected program until the issue is resolved.