CVE-2006-1239

Name of the Vulnerable Software and Affected Versions Gemini version 2.0

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field in the issue/createissue.aspx page.

Recommendations For Gemini version 2.0, as a temporary workaround, consider restricting access to the issue/createissue.aspx page until a patch is available. Avoid using the rtcDescription$RadEditor1 field in this page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.