CVE-2006-4576

Name of the Vulnerable Software and Affected Versions The Address Book version 1.04e

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML by uploading an HTML file with a GIF or JPG extension. This uploaded file can be rendered by Internet Explorer, potentially leading to the execution of malicious scripts.

Recommendations For version 1.04e, consider restricting the upload of files with GIF or JPG extensions to prevent the injection of malicious HTML code until a patch is available. As a temporary workaround, avoid using Internet Explorer to render uploaded files.