CVE-2006-0796

Name of the Vulnerable Software and Affected Versions Clever Copy version 3.0

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages. This occurs in the default.php file.

Recommendations For Clever Copy version 3.0, avoid using the Subject field in privatemessages.php until a fix is available. As a temporary workaround, consider restricting access to the privatemessages.php file to minimize the risk of exploitation.