CVE-2006-2340

Name of the Vulnerable Software and Affected Versions PassMasterFlex versions 1.2 and earlier PassMasterFlexPlus versions 1.2 and earlier

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the username, password, or User-Agent HTTP header in the Hack Log.

Recommendations For PassMasterFlex versions 1.2 and earlier, update to a version later than 1.2. For PassMasterFlexPlus versions 1.2 and earlier, update to a version later than 1.2. As a temporary workaround, consider restricting input for the username and password fields, as well as limiting the information sent in the User-Agent HTTP header, until a patch is available.