CVE-2005-4551

Name of the Vulnerable Software and Affected Versions SimpBook version 1.0

Description A cross-site scripting (XSS) issue exists due to the failure to properly sanitize user input. When the html enable option is enabled, remote attackers can inject arbitrary web script or HTML via the message parameter to "index.php". This allows for the execution of malicious code on the victim's browser.

Recommendations For SimpBook version 1.0, as a temporary workaround, consider disabling the html enable option until a patch is available. Restrict access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the message parameter in the affected endpoint until the issue is resolved.