PT-2006-4414 · Unknown · Dragon's Kingdom Script

Published

2006-07-13

·

Updated

2018-10-18

·

CVE-2006-3539

CVSS v2.0

4.3

Medium

Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Dragon's Kingdom Script version 1.0
Description: Multiple cross-site scripting (XSS) vulnerabilities in Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element in various fields. These include the Subject and Message fields in a do=write action in gamemail.php, multiple fields in a do=onlinechar action in index.php, the Title and Message fields in a do=new action in general.php, and unspecified fields in other Forum posts and Forum replies. The injected markup is rendered to other users of the script, so the attacker only needs an account that can send mail or post.
Recommendations: No vendor patch is referenced for Dragon's Kingdom Script 1.0. Until one is available, treat every affected field (the gamemail.php Subject and Message, the index.php do=onlinechar fields, the general.php Title and Message, and forum posts and replies) as untrusted on output: HTML-encode it, or, if image markup must be allowed, rebuild the IMG element from a validated SRC that is restricted to absolute http or https URLs after entity decoding and whitespace stripping, rather than blocklisting the string "javascript:", which is trivially bypassed by case changes, HTML entities or embedded tab characters. A Content-Security-Policy that does not allow inline script (no 'unsafe-inline' in script-src) also prevents javascript: URIs from executing and limits the impact of any field that is missed.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2006-3539

Affected Products

Dragon's Kingdom Script