CVE-2009-0424

Name of the Vulnerable Software and Affected Versions ANG versions prior to 0.7.7

Description A cross-site scripting (XSS) issue exists due to improper handling of the country parameter in certain scripts, allowing remote attackers to inject arbitrary web script or HTML. This affects the administrator/manage.php and administrator/trash.php scripts.

Recommendations For versions prior to 0.7.7, update to version 0.7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrator/manage.php and administrator/trash.php scripts until the update is applied. Avoid using the country parameter in these scripts until the issue is resolved.