CVE-2009-2588

Name of the Vulnerable Software and Affected Versions Hotscripts Type PHP Clone Script (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the msg parameter to specific API endpoints: "feedback.php", "index.php", and "lostpassword.php".

Recommendations For Hotscripts Type PHP Clone Script, consider validating and sanitizing user input for the msg parameter in the affected API endpoints to prevent XSS attacks. As a temporary workaround, restrict access to the "feedback.php", "index.php", and "lostpassword.php" endpoints until a fix is available. Avoid using the msg parameter in the affected endpoints until the issue is resolved.