tDiary · CVE-2006-6174
**Name of the Vulnerable Software and Affected Versions**
tDiary versions prior to 2.0.3
tDiary versions 2.1.x prior to 2.1.4.20061126
**Description**
A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the `conf` parameter in (1) `tdiary.rb` and (2) `skel/conf.rhtml`. This could lead to unauthorized actions on the affected web application.
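
The class of flaw described above, shown as an added Ruby example that is not tDiary's code: a hypothetical ERB (`.rhtml`-style) template reflects a `conf` request parameter into the page, first unescaped and then HTML-escaped, with an allowlist check in front. The template text, `KNOWN_SECTIONS`, the helper names and the sample input are assumptions constructed for illustration.

```ruby
require 'erb'

# Hypothetical template fragments (constructed; NOT tDiary's skel/conf.rhtml).
# Both reflect a request parameter named `conf` into an HTML attribute.
UNSAFE_TEMPLATE = '<input type="hidden" name="conf" value="<%= conf %>">'
SAFE_TEMPLATE   = '<input type="hidden" name="conf" ' \
                  'value="<%= ERB::Util.html_escape(conf) %>">'

# Assumed allowlist of configuration section names (illustration only).
KNOWN_SECTIONS = %w[default theme comment].freeze

# Constructed, harmless probe: closes the attribute and adds a bold tag.
SAMPLE_INPUT = '"><b>injected</b>'

# Render a template with the request value bound to the local `conf`.
def render(template, conf)
  ERB.new(template).result_with_hash(conf: conf)
end

# Hardened path: validate against the allowlist first, then escape at
# output anyway, so a future allowlist change cannot reintroduce the bug.
def render_hardened(conf)
  section = KNOWN_SECTIONS.include?(conf) ? conf : KNOWN_SECTIONS.first
  render(SAFE_TEMPLATE, section)
end

# Review/test helper: true when caller-supplied markup reached the
# output verbatim, i.e. the template reflected it without encoding.
def reflected_raw?(html, input)
  input.match?(/[<>"]/) && html.include?(input)
end

if __FILE__ == $PROGRAM_NAME
  unsafe = render(UNSAFE_TEMPLATE, SAMPLE_INPUT)
  safe   = render(SAFE_TEMPLATE, SAMPLE_INPUT)
  puts "unescaped: #{unsafe}  raw reflection=#{reflected_raw?(unsafe, SAMPLE_INPUT)}"
  puts "escaped:   #{safe}  raw reflection=#{reflected_raw?(safe, SAMPLE_INPUT)}"
  puts "hardened:  #{render_hardened(SAMPLE_INPUT)}"
end
```
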
**Recommendations**
For tDiary versions prior to 2.0.3, update to version 2.0.3 or later.
For tDiary versions 2.1.x prior to 2.1.4.20061126, update to version 2.1.4.20061126 or later.