Civicspace · Civicspace · CVE-2006-4088
**Name of the Vulnerable Software and Affected Versions**
CivicSpace version 0.8.5
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `Subject`, `Comment`, and `Add new comment` sections.
**Recommendations**
For CivicSpace version 0.8.5, consider restricting user input in the `Subject`, `Comment`, and `Add new comment` sections to prevent the injection of malicious scripts until a patch is available.