PT-2009-4969 · Verlihub · Verlihub Control Panel
Published 2009-07-22 · Updated 2009-07-22
CVE-2009-2569
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Verlihub Control Panel (VHCP) version 1.7e
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the nick parameter in a login action to "index.php" or via the URI in a news request to "index.html".
Recommendations
For Verlihub Control Panel (VHCP) version 1.7e, consider disabling the login functionality in "index.php" and restricting access to "index.html" until a patch is available. Avoid using the nick parameter in the login action to "index.php" to minimize the risk of exploitation.
Affected Products
Verlihub Control Panel