CVE-2010-1856

Name of the Vulnerable Software and Affected Versions RepairShop2 version 1.9.023 Trial

Description The issue is related to a cross-site scripting (XSS) vulnerability. This occurs when an attacker can inject arbitrary web script or HTML into a website, potentially allowing them to steal user data or take control of the user's session. The vulnerability is specifically in the index.php file and is exploitable when the magic quotes gpc setting is disabled. The prod parameter in a products.details action is the vulnerable point.

Recommendations For RepairShop2 version 1.9.023 Trial, consider disabling the products.details action or restricting access to the prod parameter until a fix is available. Additionally, enabling magic quotes gpc can help mitigate this issue.