Ac4P · Ac4P Mobile · CVE-2006-6389
**Name of the Vulnerable Software and Affected Versions**
ac4p Mobile (affected versions not specified)
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the `Taaa` parameter to the "/up.php" API endpoint, or the `pollhtml` and `Bloks` parameters to the "/polls.php" API endpoint.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.