CVE-2006-2141

Name of the Vulnerable Software and Affected Versions Collaborative Portal Server (CPS) versions 3.4.0 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the pos argument in the popup image function.

Recommendations For versions 3.4.0 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the popup image function to minimize the risk of exploitation. Avoid using the pos argument in the affected function until the issue is resolved.