CVE-2007-2880

Name of the Vulnerable Software and Affected Versions Digirez version 3.4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the Room name parameter to the "/room/info book.asp" API endpoint or the curYear parameter to the "/room/week.asp" API endpoint.

Recommendations For Digirez version 3.4, as a temporary workaround, consider restricting access to the "/room/info book.asp" and "/room/week.asp" API endpoints until a patch is available. Avoid using the Room name and curYear parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.