CVE-2009-2893

Name of the Vulnerable Software and Affected Versions: XZero Community Classifieds version 4.97.8

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via two parameters: postevent in a post action and xzcal y.

Recommendations: For XZero Community Classifieds version 4.97.8, consider disabling the postevent parameter in a post action and restricting access to the xzcal y parameter until a patch is available. Avoid using these parameters in the affected API endpoint until the issue is resolved.