CVE-2004-2246

Name of the Vulnerable Software and Affected Versions: Goollery versions prior to 0.04b

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML or web script via the conversation id parameter to the "viewpic.php" endpoint.

Recommendations: For versions prior to 0.04b, update to version 0.04b or later to resolve the issue. As a temporary workaround, consider restricting access to the "viewpic.php" endpoint or avoiding the use of the conversation id parameter until the issue is resolved.