askSam database versions 1.0 and 4.0 contain a cross-site scripting (XSS) issue and a path disclosure issue.
The path disclosure issue occurs when the server searches for a specified file that does not exist. The resulting error message contains the path that was searched when looking for the file. This path reveals the directory structure that the server uses, which may help an attacker perform further attacks.
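The following is an added illustration of the path disclosure pattern described above, together with a check a defender can run over error pages. It is not askSam code: the document root, function names and message wording are assumptions made for the example.

```python
import logging
import re
import uuid
from pathlib import PurePosixPath

# Hypothetical document root, constructed for this illustration only.
DOC_ROOT = PurePosixPath("/srv/webdb/data")
log = logging.getLogger("webdb")

# Absolute filesystem paths as they tend to appear in error text:
# Windows drive paths, or Unix paths under common top-level directories.
# The lookbehinds keep URLs such as http://host/var/x from matching.
PATH_LEAK = re.compile(
    r"(?<![A-Za-z])[A-Za-z]:\\[^\s<>\"']+"
    r"|(?<![\w/:.])/(?:home|var|srv|usr|opt|etc|tmp)/[\w./-]+"
)

def leaky_error(requested: str) -> str:
    """Pattern described above: the searched path is echoed to the client."""
    return f"Error: cannot open file {DOC_ROOT / requested}"

def safe_error(requested: str) -> str:
    """Generic client message; the real path is written to the server log only."""
    ref = uuid.uuid4().hex[:8]  # lets support staff correlate the log entry
    log.warning("missing file ref=%s path=%s", ref, DOC_ROOT / requested)
    return f"Error: the requested file was not found (ref {ref})"

def find_path_leaks(body: str) -> list[str]:
    """Return absolute filesystem paths found in a response body."""
    return PATH_LEAK.findall(body)

if __name__ == "__main__":
    # Constructed response bodies, not captured from a real server.
    samples = [
        leaky_error("nope.ask"),
        safe_error("nope.ask"),
        "Cannot find C:\\Inetpub\\db\\missing.ask on this server",
        "See http://example.com/var/help for details",
    ]
    for body in samples:
        print(find_path_leaks(body) or "clean", "<-", body)
```

Running `find_path_leaks` over the responses to requests for nonexistent files, for example in a regression test, flags error pages that still expose server paths.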
Exploits for both issues are publicly available.
Patches are currently unavailable.