CVE-2006-2545

Name of the Vulnerable Software and Affected Versions Xtreme Topsites version 1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially resulting from SQL injection. This is achieved via the id parameter in "stats.php" and unspecified inputs in "lostid.php", likely including the searchthis parameter.

Recommendations For Xtreme Topsites version 1.1, avoid using the id parameter in "stats.php" and the searchthis parameter in "lostid.php" until a fix is available. As a temporary workaround, consider restricting access to "stats.php" and "lostid.php" to minimize the risk of exploitation.