CVE-2009-4972

Name of the Vulnerable Software and Affected Versions SimpleID versions prior to 0.6.5

Description A cross-site scripting (XSS) issue exists in the log in page, specifically in index.php, allowing remote attackers to inject arbitrary web script or HTML via the s parameter. This enables attackers to potentially execute malicious scripts on the client-side.

Recommendations For versions prior to 0.6.5, update to version 0.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php page or disabling the s parameter to minimize the risk of exploitation.