CVE-2009-2613

Name of the Vulnerable Software and Affected Versions DataCheck Solutions LinkPal versions 1.x

Description The issue allows remote attackers to inject arbitrary web script or HTML via the page parameter to various components, including (1) "z loginfailed.asp", (2) "z admin login.asp", and (3) "z forgot.asp". This could potentially lead to cross-site scripting (XSS) attacks.

Recommendations For DataCheck Solutions LinkPal versions 1.x, consider restricting access to the affected components, such as "z loginfailed.asp", "z admin login.asp", and "z forgot.asp", to minimize the risk of exploitation. Avoid using the page parameter in these components until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.