CVE-2009-2107

Name of the Vulnerable Software and Affected Versions Webmedia Explorer (webmex) versions 5.09 through 5.10

Description The issue allows remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in several parameters, including the search and tag parameters, arbitrary invalid parameter names, the bookmark parameter in an edit action, and the email parameter in a remember action.

Recommendations For Webmedia Explorer (webmex) versions 5.09 through 5.10, consider disabling the search and tag parameters, as well as any arbitrary invalid parameter names, until a patch is available. Restrict access to the bookmark parameter in edit actions and the email parameter in remember actions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.