CVE-2006-6174

Name of the Vulnerable Software and Affected Versions tDiary versions prior to 2.0.3 tDiary versions 2.1.x prior to 2.1.4.20061126

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml. This could potentially lead to unauthorized actions on the affected web application.

Recommendations For tDiary versions prior to 2.0.3, update to version 2.0.3 or later. For tDiary versions 2.1.x prior to 2.1.4.20061126, update to version 2.1.4.20061126 or later.