CVE-2006-3521

Name of the Vulnerable Software and Affected Versions SiteForge Collaborative Development Platform versions 1.0.4 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the status, extra1, extra2, or extra3 parameters in the index/siteforge-bugs-action/proj.siteforge component. This can lead to cross-site scripting (XSS) attacks.

Recommendations For SiteForge Collaborative Development Platform versions 1.0.4 and earlier, as a temporary workaround, consider restricting access to the index/siteforge-bugs-action/proj.siteforge component until a patch is available. Avoid using the status, extra1, extra2, or extra3 parameters in this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.