CVE-2008-6645

Name of the Vulnerable Software and Affected Versions Opencosmo VisualSentinel version 0.7

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying log files. This occurs because the $ SERVER['HTTP USER AGENT'] variable is not correctly sanitized.

Recommendations For Opencosmo VisualSentinel version 0.7, consider implementing proper input validation and sanitization for the User-Agent header to prevent XSS attacks. As a temporary workaround, restrict access to log files or disable the display of the User-Agent header in log files until a proper fix is available.