CVE-2008-5059

Name of the Vulnerable Software and Affected Versions ModernBill versions 4.4 and earlier

Description The issue concerns a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new language parameter in a login action.

Recommendations For ModernBill versions 4.4 and earlier, update to a version later than 4.4 to resolve the issue. As a temporary workaround, consider restricting access to the login action or disabling the use of the new language parameter until a patch is available.