CVE-2005-4607

Name of the Vulnerable Software and Affected Versions BugPort versions 1.147 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the ids[0], action, report id, devWherePair[1][1], and binds[0] parameters in the index.php file.

Recommendations For BugPort versions 1.147 and earlier, update to a version later than 1.147 to resolve the issue. As a temporary workaround, consider restricting access to the index.php file and validating user input for the ids[0], action, report id, devWherePair[1][1], and binds[0] parameters to minimize the risk of exploitation.