CVE-2009-3066

Name of the Vulnerable Software and Affected Versions: Property Watch version 2.0

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the videoid parameter to "tools/email.php" and the redirect parameter to "tools/login.php" are vulnerable.

Recommendations: For version 2.0, consider restricting access to the videoid parameter in the "tools/email.php" endpoint and the redirect parameter in the "tools/login.php" endpoint to minimize the risk of exploitation. Avoid using these parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.