CVE-2009-2589

Name of the Vulnerable Software and Affected Versions Hutscripts PHP Website Script (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the msg parameter to specific API endpoints: "feedback.php", "index.php", and "lostpassword.php".

Recommendations For all affected versions, as a temporary workaround, consider restricting access to the msg parameter in the affected API endpoints until a patch is available. Avoid using the msg parameter in the affected API endpoints "feedback.php", "index.php", and "lostpassword.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.