CVE-2009-3360

Name of the Vulnerable Software and Affected Versions Datemill version 1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the "return" parameter to "photo view.php", and the "st" parameter to both "photo search.php" and "search.php".

Recommendations For Datemill version 1.0, as a temporary workaround, consider restricting access to the photo view.php, photo search.php, and search.php scripts until a patch is available. Avoid using the return parameter in photo view.php and the st parameter in photo search.php and search.php to minimize the risk of exploitation.