CVE-2009-3225

Name of the Vulnerable Software and Affected Versions AlmondSoft Almond Classifieds Wap and Pro versions (affected versions not specified) Almond Affiliate Network Classifieds versions (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the page parameter in a browse action to "index.php" or the addr parameter to "gmap.php".

Recommendations For AlmondSoft Almond Classifieds Wap and Pro, as a temporary workaround, consider restricting access to the "index.php" and "gmap.php" files until a patch is available. For Almond Affiliate Network Classifieds, avoid using the page and addr parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.