PT-2006-1281 · Wordcircle · Wordcircle

Aliaksandr Hartsuyeu · Published 2006-01-13 · Updated 2018-10-19 · CVE-2006-0204

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Wordcircle version 2.17

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, this can be done via the Course name field in "index.php" when the frm parameter has the value "mine". There may be other vulnerable fields in unspecified scripts, but details are not provided.

Recommendations

For Wordcircle version 2.17, as a temporary workaround, consider restricting access to the Course name field in "index.php" when the frm parameter has the value "mine" until a patch is available. Avoid using the Course name field in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-0204

Affected Products

Wordcircle