CVE-2009-1809

Name of the Vulnerable Software and Affected Versions: myColex version 1.4.2

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters in different modules, including the year parameter to "modules/kalender.php", the Page parameter in a List action to "modules/ereignis.php", the Kontext parameter in a Search action to "modules/kategorie.php", or the image parameter to "modules/image.php".

Recommendations: For myColex version 1.4.2, consider disabling the vulnerable parameters year, Page, Kontext, and image in their respective modules until a patch is available. Restrict access to the modules "modules/kalender.php", "modules/ereignis.php", "modules/kategorie.php", and "modules/image.php" to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved.