CVE-2012-6369

Name of the Vulnerable Software and Affected Versions 1Password version 3.9.9

Description A cross-site scripting (XSS) issue exists in the Troubleshooting Reporting System feature. This could allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action.

Recommendations For version 3.9.9, consider disabling the Troubleshooting Reporting System feature until a patch is available. Restrict access to the View Troubleshooting Report action to minimize the risk of exploitation. Avoid using crafted User-Agent HTTP headers in the affected system until the issue is resolved.