CVE-2011-3199

Name of the Vulnerable Software and Affected Versions Domain Technologie Control (DTC) versions prior to 0.34.1

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via the message body of a support ticket or unspecified vectors to the DNS and MX form, as demonstrated by the "Domain root TXT record:" field.

Recommendations For versions prior to 0.34.1, update to version 0.34.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the support ticket and DNS and MX form features until the update is applied. Avoid using the "Domain root TXT record:" field in the affected forms until the issue is resolved.