CVE-2006-0758

Name of the Vulnerable Software and Affected Versions HiveMail versions 1.3 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in scripts such as "index.php", which is not properly cleansed when accessed from the PHP SELF variable. This can lead to cross-site scripting (XSS) attacks.

Recommendations For HiveMail versions 1.3 and earlier, consider disabling access to the "index.php" script until a fix is available, and restrict the use of the PHP SELF variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.