CVE-2006-5560

Name of the Vulnerable Software and Affected Versions: Boesch ProgSys versions 0.151 and earlier

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via the PATH INFO to admin/index.php and unspecified vectors related to certain other files.

Recommendations: For Boesch ProgSys versions 0.151 and earlier, update to a version later than 0.151 to resolve the issue. As a temporary workaround, consider restricting access to the admin/index.php endpoint and limiting the use of the PATH INFO parameter until a patch is available.