XODA Arbitrary File Upload and HTML Injection Vulnerabilities

Summary
XODA is prone to an arbitrary file-upload vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker could exploit these issues to execute arbitrary script code in a user's browser in the context of the affected site, or to execute arbitrary code on the server. XODA 0.4.5 is vulnerable; other versions may also be affected.
References