CVE-2006-1818

Name of the Vulnerable Software and Affected Versions warforge.NEWS version 1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the first name and last name parameters in "myaccounts.php".

Recommendations For warforge.NEWS version 1.0, as a temporary workaround, consider validating and sanitizing user input for the first name and last name parameters in "myaccounts.php" to prevent arbitrary web script or HTML injection. At the moment, there is no information about a newer version that contains a fix for this issue.