CVE-2008-6675

Name of the Vulnerable Software and Affected Versions QuickerSite version 1.8.5

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters and headers in different files, including the "close" parameter to "showThumb.aspx", "SB redirect" and "SB feedback" parameters in "process send.asp", "paramCode" and "cColor" parameters to "picker.asp", and the query string, Referer header, and X-FORWARDED-FOR header to "rss.asp".

Recommendations For QuickerSite version 1.8.5, consider disabling or restricting access to the vulnerable parameters and files, such as the "close" parameter in "showThumb.aspx", "SB redirect" and "SB feedback" parameters in "process send.asp", "paramCode" and "cColor" parameters in "picker.asp", and the query string, Referer header, and X-FORWARDED-FOR header in "rss.asp", until a patch is available. Avoid using these parameters and headers in the affected files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.