CVE-2006-2891

Name of the Vulnerable Software and Affected Versions Pixelpost versions 1 through 1-5rc1-2

Description The issue allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter in the "admin/index.php" endpoint. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For Pixelpost versions 1 through 1-5rc1-2, avoid using the loginmessage parameter in the "admin/index.php" endpoint until a fix is available. As a temporary workaround, consider restricting access to the admin/index.php endpoint to minimize the risk of exploitation.