PT-2006-7459 · Outfront · Outfront Spooky Login

Published 2006-12-31 · Updated 2018-10-17 · CVE-2006-6862

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Outfront Spooky Login version 2.7
Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to API endpoints such as "login/login.asp" or "login/register.asp".
Recommendations: For Outfront Spooky Login version 2.7, as a temporary workaround, consider restricting access to the "login/login.asp" and "login/register.asp" API endpoints until a patch is available. Avoid using unspecified parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related identifiers

CVE-2006-6862

Affected products

Outfront Spooky Login