CVE-2005-3770

Name of the Vulnerable Software and Affected Versions PHP-Post (PHPp) version 1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through the subject in a post or by manipulating the user parameter in specific API endpoints, such as "profile.php" and "mail.php".

Recommendations For PHP-Post (PHPp) version 1.0, consider validating and sanitizing user input for the subject in posts and the user parameter in "profile.php" and "mail.php" to prevent arbitrary script injection. As a temporary workaround, restrict access to these endpoints until a proper fix is applied.