CVE-2005-3552

Name of the Vulnerable Software and Affected Versions PHPKIT versions 1.6.1 R2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the login/profile.php, login/userinfo.php, admin/admin.php, imcenter.php, referer statistics, HTML title element, logo alt attributes in forum postings, and the Homepage field in the Guestbook.

Recommendations For PHPKIT versions 1.6.1 R2 and earlier, update to a version later than 1.6.1 R2 to resolve the issue. As a temporary workaround, consider restricting access to the affected files, such as login/profile.php, login/userinfo.php, admin/admin.php, and imcenter.php, until a patch is available. Avoid using the vulnerable fields, such as the Homepage field in the Guestbook, and the logo alt attributes in forum postings, until the issue is resolved.