CVE-2007-4541

Name of the Vulnerable Software and Affected Versions Olate Download (od) version 3.4.2

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the PHP SELF variable in modules/core/uim.php and [url] tags in a comment in modules/core/fldm.php.

Recommendations For Olate Download (od) version 3.4.2, consider disabling the uim.php and fldm.php modules until a patch is available to prevent exploitation. Restrict access to these modules to minimize the risk of XSS attacks. Avoid using the PHP SELF variable in uim.php and [url] tags in comments in fldm.php until the issue is resolved.