CVE-2011-1427

Name of the Vulnerable Software and Affected Versions Kodak InSite version 5.5.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the Language parameter to "Pages/login.aspx", the HeaderWarning parameter to "Troubleshooting/DiagnosticReport.asp", or the User-Agent header to "troubleshooting/speedtest.asp".

Recommendations For Kodak InSite version 5.5.2, consider disabling access to the affected API endpoints "Pages/login.aspx", "Troubleshooting/DiagnosticReport.asp", and "troubleshooting/speedtest.asp" until a patch is available. Avoid using the Language and HeaderWarning parameters in the respective endpoints until the issue is resolved. Restrict the ability to modify the User-Agent header in the "troubleshooting/speedtest.asp" endpoint to minimize the risk of exploitation.