CVE-2008-6465

Name of the Vulnerable Software and Affected Versions: Parallels H-Sphere versions 3.0.0 P9 through 3.1 P1

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the login.php file of the webshell4 component. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the err, errorcode, and login parameters.

Recommendations: For Parallels H-Sphere versions 3.0.0 P9 through 3.1 P1, as a temporary workaround, consider restricting access to the login.php file until a patch is available. Avoid using the parameters err, errorcode, and login in the affected login.php file until the issue is resolved.