CVE-2007-6608

Name of the Vulnerable Software and Affected Versions OpenBiblio versions 0.5.2-pre4 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. This can be achieved via several parameters, including LAST and FIRST parameters to "admin/staff del confirm.php", the name parameter to "admin/theme del confirm.php", or the themeName parameter to "admin/theme preview.php".

Recommendations For OpenBiblio versions 0.5.2-pre4 and earlier, consider disabling access to the affected API endpoints "admin/staff del confirm.php", "admin/theme del confirm.php", and "admin/theme preview.php" until a patch is available. Restrict the use of the vulnerable parameters LAST, FIRST, name, and themeName to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.