CVE-2009-3513

Name of the Vulnerable Software and Affected Versions Pilot Group (PG) eTraining (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters in various PHP files. The affected parameters include cat id in 'courses login.php', id in 'news read.php' or 'lessons login.php', and cur in a 'start' action to 'lessons login.php'.

Recommendations For Pilot Group (PG) eTraining, consider restricting access to the cat id parameter in 'courses login.php', the id parameter in 'news read.php' and 'lessons login.php', and the cur parameter in the 'start' action to 'lessons login.php' to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.