FileMaker is database software from FileMaker, Inc.
FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web.
An attacker could execute an arbitrary script on the web browser of a user who views the contents published using the "Instant Web Publishing" function.
Upgrade the Software
FileMaker, Inc. has not released any updates or patches for FileMaker 7.x and 8.x.
However the vendor released the FileMaker 9 product line in September 2007. Users are encouraged to upgrade to the FileMaker 9 product line that is not affected by this vulnerability.
The users who are not to upgrade to the FileMaker 9 product line should apply the following workaround to mitigate this vulnerability.
## Products Affected