CVE-2006-6582

Name of the Vulnerable Software and Affected Versions ScriptMate User Manager versions 2.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the members username and members password fields in a login action in "members/default.asp", and the Search box.

Recommendations For ScriptMate User Manager versions 2.1 and earlier, consider disabling the login functionality in members/default.asp and restricting access to the Search box until a fix is available. Avoid using the members username and members password fields in the login action until the issue is resolved.