CVE-2014-5113

Name of the Vulnerable Software and Affected Versions Visualware MyConnection Server version 9.7i

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various parameters in the test.php file. The affected parameters include testtype, ver, cm, map, lines, pps, bpp, codec, provtext, provtextextra, provlink, and duration.

Recommendations For Visualware MyConnection Server version 9.7i, consider restricting access to the test.php file until a patch is available. As a temporary workaround, avoid using the vulnerable parameters testtype, ver, cm, map, lines, pps, bpp, codec, provtext, provtextextra, provlink, and duration in the test.php file to minimize the risk of exploitation.