CVE-2006-6925

Name of the Vulnerable Software and Affected Versions: bitweaver versions 1.3.1 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML via specific fields, including the message title field when submitting an article to "articles/edit.php", the message title field when submitting a blog post to "blogs/post.php", or the message description field when editing in the Sandbox in "wiki/edit.php".

Recommendations: For bitweaver versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue. As a temporary workaround, consider restricting user input in the message title fields and the message description field in the Sandbox to minimize the risk of exploitation. Avoid using the affected API endpoints "articles/edit.php", "blogs/post.php", and "wiki/edit.php" with unvalidated user input until the issue is resolved.