CVE-2004-1418

Name of the Vulnerable Software and Affected Versions: WPKontakt versions 3.0.1 and earlier

Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via an e-mail address. This occurs because the e-mail address is not properly quoted when a parsing error is generated.

Recommendations: For versions 3.0.1 and earlier, update to a version that properly quotes e-mail addresses to prevent script injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.