CVE-2008-4727

Name of the Vulnerable Software and Affected Versions SunGard Banner Student version 7.3

Description A cross-site scripting (XSS) issue exists in the contact update page, allowing remote attackers to inject arbitrary web script or HTML via the addr1 parameter. This might be related to a CSRF vulnerability, but details are insufficient to confirm.

Recommendations For SunGard Banner Student version 7.3, consider restricting access to the contact update page ss/bwgkoemr.P UpdateEmrgContacts until a fix is available, and avoid using the addr1 parameter in this context to minimize the risk of exploitation.