PT-2006-4394 · Tbe · The Banner Engine

Published: 2006-07-11 · Updated: 2018-10-18 · CVE-2006-3519

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

The Banner Engine (tbe) version 4.0

Description

A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the text parameter in a search action to the "/top.php" API endpoint, or through the adminpass or adminlogin parameters to the "/signup.php" API endpoint.

Recommendations

For version 4.0, update the software to remove the cross-site scripting vulnerabilities, specifically ensuring that user input for the text, adminpass, and adminlogin parameters is properly sanitized to prevent arbitrary script execution. As a temporary workaround, consider restricting access to the "/top.php" and "/signup.php" API endpoints until a patch is available.


Related identifiers

CVE-2006-3519

Affected products

The Banner Engine