CVE-2007-3269

Name of the Vulnerable Software and Affected Versions Papoo Light version 3.6 before 20070611

Description The issue allows remote attackers to inject arbitrary web script or HTML via the URI in a GET request or the Title field of a visitor comment. Additionally, remote authenticated users can inject arbitrary web script or HTML via a message to another user.

Recommendations For Papoo Light version 3.6 before 20070611, update to a version released after 20070611 to resolve the issue. As a temporary workaround, consider restricting user input in the Title field of visitor comments and limiting the ability to send messages to other users. Avoid using the URI in a GET request with untrusted input until the issue is resolved.