We are been happy with page publisher and continue to use it as it is the best program for our clients.
We recently had a security audit of our web server and they found one issue with page publish
XPath injection This script is possibly vulnerable to SQL/XPath Injection attacks. SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable. XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input. Impact
An unauthenticated attacker may execute arbitrary SQL/XPath statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Solution
Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability. Vulnerable Resources /selfservice/pp.cgi
I was hoping you could fix this as described above. It does not look like a major fix. Please let me know.
Page Publisher doesn't use SQL or XPath, so there is absolutely zero possibility of an SQL or XPath attack. Page Publisher uses it's own internal (flat file) database that isn't related to SQL at all.
page publisher login fix
