CVE-2006-1230

Name of the Vulnerable Software and Affected Versions vCard versions 2.6 through 2.9

Description The issue allows remote attackers to inject arbitrary web script or HTML via the card id, uploaded, card fontsize, or card color parameters in the create.php file. This can be exploited to conduct cross-site scripting (XSS) attacks.

Recommendations For vCard version 2.6, avoid using the uploaded parameter in the create.php file until a fix is available. For vCard version 2.9, consider restricting access to the card id parameter in the create.php file as a temporary workaround. For all affected versions, restrict the use of the card fontsize and card color parameters in the create.php file to minimize the risk of exploitation.