CVE-2008-2759

Name of the Vulnerable Software and Affected Versions Xigla Absolute Form Processor XE version 4.0

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the showfields, text, and submissions parameters to the "search.asp" endpoint, as well as the name parameter to the "users.asp" endpoint.

Recommendations For Xigla Absolute Form Processor XE version 4.0, consider restricting access to the search.asp and users.asp endpoints until a fix is available. As a temporary workaround, avoid using the showfields, text, submissions, and name parameters in these endpoints to minimize the risk of exploitation.