CVE-2006-1970

Name of the Vulnerable Software and Affected Versions KCScripts Classifieds versions prior to Portal Pack 6.0

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the cat id parameter in the classifieds/viewcat.cgi script.

Recommendations For versions prior to Portal Pack 6.0, update to a version later than Portal Pack 6.0 to resolve the issue. As a temporary workaround, consider restricting access to the classifieds/viewcat.cgi script to minimize the risk of exploitation. Avoid using the cat id parameter in the affected script until the issue is resolved.