CVE-2009-2615

Name of the Vulnerable Software and Affected Versions DataCheck Solutions SitePal versions 1.x

Description The issue allows remote attackers to inject arbitrary web script or HTML via the page parameter to API endpoints such as "z admin login.asp" and "z forgot.asp", and possibly other unspecified components.

Recommendations For DataCheck Solutions SitePal versions 1.x, consider disabling access to the "z admin login.asp" and "z forgot.asp" endpoints until a fix is available. Restrict the use of the page parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.