CVE-2006-1642

Name of the Vulnerable Software and Affected Versions: Interact version 2.1.1

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the search terms parameter to the "search.php" endpoint, and the first name, last name, email, password, and confirm password parameters to the "userinput.php" endpoint.

Recommendations: For Interact version 2.1.1, consider restricting access to the "search.php" and "userinput.php" endpoints until a fix is available. As a temporary workaround, avoid using the search terms, first name, last name, email, password, and confirm password parameters in the affected endpoints.