CVE-2007-0852

Name of the Vulnerable Software and Affected Versions: DevTrack versions 6.x

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Keyword search form field and other unspecified form fields that populate a public saved query.

Recommendations: For DevTrack versions 6.x, as a temporary workaround, consider restricting access to the Keyword search form field and other vulnerable form fields until a patch is available. Avoid using these fields in a way that could allow arbitrary web script or HTML injection. At the moment, there is no information about a newer version that contains a fix for this issue.