CVE-2006-6520

Name of the Vulnerable Software and Affected Versions Messageriescripthp version 2.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. This can be achieved via several parameters, including the pseudo parameter to "existepseudo.php", the email parameter to "existeemail.php", or the pageName or cssform parameters to "Contact/contact.php".

Recommendations For Messageriescripthp version 2.0, consider validating and sanitizing user input for the pseudo, email, pageName, and cssform parameters to prevent arbitrary script injection. As a temporary workaround, restrict access to the affected scripts, "existepseudo.php", "existeemail.php", and "Contact/contact.php", until a proper fix is applied.