Verisign · Verisign Managed Pki · CVE-2006-1344
**Name of the Vulnerable Software and Affected Versions**
VeriSign Managed PKI (MPKI) version 6.0
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the `VHTML FILE` parameter. This could potentially lead to unauthorized actions on the affected system.
**Recommendations**
For version 6.0, avoid using the `VHTML FILE` parameter with javascript URIs until a fix is available. As a temporary workaround, consider restricting access to the haydn.exe component to minimize the risk of exploitation.