CVE-2006-0650

Name of the Vulnerable Software and Affected Versions CPAINT library versions prior to 2.0.3

Description The issue allows remote attackers to inject arbitrary web script or HTML via the cpaint response type parameter. This parameter is displayed in a resulting error message, enabling the injection of malicious code. For example, a hex-encoded IFRAME tag can be used to demonstrate this issue.

Recommendations For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the cpaint response type parameter to minimize the risk of exploitation.