CVE-2008-3344

Name of the Vulnerable Software and Affected Versions MyioSoft EasyE-Cards versions 3.5 through 3.10a

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including ResultHtml, dir, SenderName, RecipientName, SenderMail, and RecipientMail. This can be exploited by sending malicious input to the affected API endpoint.

Recommendations For MyioSoft EasyE-Cards versions 3.5 through 3.10a, as a temporary workaround, consider restricting access to the staticpages/easyecards/index.php endpoint until a patch is available. Avoid using the parameters ResultHtml, dir, SenderName, RecipientName, SenderMail, and RecipientMail in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.