PT-2006-1845 · Clever · Clever Copy
Published
2006-02-19
·
Updated
2017-07-20
·
CVE-2006-0796
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Clever Copy version 3.0
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
Subject field when sending private messages. This occurs in the default.php file.Recommendations
For Clever Copy version 3.0, avoid using the
Subject field in privatemessages.php until a fix is available. As a temporary workaround, consider restricting access to the privatemessages.php file to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Clever Copy