CVE-2006-0220

Name of the Vulnerable Software and Affected Versions DCP-Portal versions 5.3 through 6.1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the day parameter in "calendar.php" or the input form in "search.php".

Recommendations For DCP-Portal versions 5.3 through 6.1.1, consider disabling the input form in "search.php" and restricting access to the day parameter in "calendar.php" until a patch is available. Avoid using the day parameter in "calendar.php" and the input form in "search.php" to minimize the risk of exploitation.