CVE-2009-3256

Name of the Vulnerable Software and Affected Versions LiveStreet version 0.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the URI. This can be achieved by injecting a SCRIPT element in an arbitrary parameter, such as the asd parameter, in the include/ajax/blogInfo.php file.

Recommendations For LiveStreet version 0.2, as a temporary workaround, consider restricting access to the include/ajax/blogInfo.php file until a patch is available. Avoid using arbitrary parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.