CVE-2009-2078

Name of the Vulnerable Software and Affected Versions Booktree versions 5.x before 5.x-7.3 Booktree versions 6.x before 6.x-1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via the node title and node body in a tree root page, which can lead to cross-site scripting (XSS) attacks.

Recommendations For Booktree versions 5.x before 5.x-7.3, update to version 5.x-7.3 or later. For Booktree versions 6.x before 6.x-1.1, update to version 6.x-1.1 or later.