CVE-2006-4755

Name of the Vulnerable Software and Affected Versions phpMyDirectory versions 10.4.6 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the letter parameter in the alpha.php file.

Recommendations For versions 10.4.6 and earlier, update to a version later than 10.4.6 to resolve the issue. As a temporary workaround, consider restricting access to the alpha.php file or sanitizing the letter parameter to prevent malicious input.