CVE-2008-4601

Name of the Vulnerable Software and Affected Versions Habari CMS version 0.5.1

Description A cross-site scripting issue exists in the login feature, allowing remote attackers to inject arbitrary web script or HTML via the habari username parameter. This can be exploited by sending malicious input to the login endpoint.

Recommendations For Habari CMS version 0.5.1, update to a newer version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider validating and sanitizing the habari username parameter to prevent injection of malicious scripts.