CVE-2013-7277

Name of the Vulnerable Software and Affected Versions Aphpkb versions prior to 0.95.8

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the HTTP Referer header to "saa.php", the username parameter to "login.php", or the keyword list parameter to "keysearch.php".

Recommendations For versions prior to 0.95.8, update to version 0.95.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "saa.php", "login.php", and "keysearch.php" scripts until the update is applied. Avoid using the username and keyword list parameters in the affected scripts until the issue is resolved.