CVE-2008-0820

Name of the Vulnerable Software and Affected Versions Etomite version 0.6.1.4 Final

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. The issue is disputed by the vendor, who claims the affected variable is $ SERVER['PHP SELF'] and states that this is not an Etomite-specific exploit.

Recommendations For Etomite version 0.6.1.4 Final, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the $ SERVER['PHP SELF'] variable in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.