CVE-2007-6597

Name of the Vulnerable Software and Affected Versions IPortalX versions prior to Build 033

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API endpoints include "forum/login user.asp" and "blogs.asp". The vulnerable parameters are KW, SF, and Date.

Recommendations For IPortalX versions prior to Build 033, update to Build 033 or later to resolve the issue. As a temporary workaround, consider restricting access to the forum/login user.asp and blogs.asp endpoints until the update is applied. Avoid using the KW, SF, and Date parameters in the affected endpoints until the issue is resolved.