HIO-2008-1230-1 OpenEdit DAM "catalogid" XSS

OpenEdit DAM, "web based open source digital asset management with web content management", exhibits a cross-site scripting vulnerability.

Input passed to the "catalogid" parameter in data/views/index.html is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

References:

CVE-2008-pending

BID: 33063

FrSIRT: N/A

Nessus: N/A

OSVDB: 51028

SA: 33296

XF: 47692

Related: HIO-2008-1230-2

Vendor Solution: Upgrade to v.5.2014
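
For sites that cannot upgrade immediately, web server access logs can be reviewed for requests that place markup in the "catalogid" parameter of data/views/index.html. The following is an added example, not part of the original advisory or of OpenEdit; the combined log format, the allow-list of characters for legitimate catalogid values and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Path and parameter come from the advisory; everything else is an assumption.
VULN_PATH = "data/views/index.html"
PARAM = "catalogid"
# Assumption: legitimate catalog ids are short path-like identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./-]{1,128}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_catalogid(log_line):
    """Return the decoded catalogid value if it fails the allow-list, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith(VULN_PATH):
        return None
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == PARAM:
            value = fully_decode(value)
            if not SAFE_VALUE.fullmatch(value):
                return value
    return None

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2008:10:00:01 +0000] "GET /media/data/views/index.html?catalogid=media/catalogs/photo HTTP/1.1" 200 5120',
    '192.0.2.77 - - [30/Dec/2008:10:02:13 +0000] "GET /media/data/views/index.html?catalogid=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5342',
    '192.0.2.77 - - [30/Dec/2008:10:02:40 +0000] "GET /media/data/views/index.html?catalogid=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5301',
    '192.0.2.10 - - [30/Dec/2008:10:03:00 +0000] "GET /media/index.html?catalogid=%3Cb%3E HTTP/1.1" 200 900',
]

def scan(lines):
    """Return (line index, decoded value) for every flagged request."""
    return [(i, v) for i, line in enumerate(lines)
            if (v := suspicious_catalogid(line)) is not None]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: suspicious catalogid {value!r}")
```

Values submitted in a POST body do not appear in access logs, so this check covers only query-string requests.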

 

 