CVE-2013-1642

Name of the Vulnerable Software and Affected Versions: QuiXplorer versions prior to 2.5.5

Description: The issue allows remote attackers to inject arbitrary web script or HTML via several parameters to index.php, including the dir, item, order, searchitem, selitems[], or srt parameter, as well as the QUERY STRING to index.php. This enables attackers to perform cross-site scripting (XSS) attacks.

Recommendations: For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters, such as dir, item, order, searchitem, selitems[], and srt, in the index.php file until a patch is applied. Additionally, limit the use of the QUERY STRING to index.php to minimize the risk of exploitation.