CVE-2013-0737

Name of the Vulnerable Software and Affected Versions: BoltWire versions 3.5 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter, which can lead to cross-site scripting (XSS) attacks. This enables attackers to execute malicious scripts on the victim's browser, potentially leading to unauthorized actions or data theft.

Recommendations: For BoltWire versions 3.5 and earlier, consider restricting access to the fieldnames parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.