PT-2006-1940 · Nocc · Nocc Webmail

Published: 2006-02-25 · Updated: 2008-09-05 · CVE-2006-0894

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

NOCC Webmail version 1.0

Description

The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters in different PHP files, including the html_error_occurred parameter in "error.php", the html_filter_select parameter in "filter_prefs.php", the html_no_mail parameter in "no_mail.php", the page_line, prev, and next parameters in "html_bottom_table.php", and the _SESSION['nocc_theme'] parameter in "footer.php".

Recommendations

To resolve the issue, update the input validation and sanitization for the affected parameters in the respective PHP files. For the html_error_occurred parameter in "error.php", ensure proper encoding of user-input data. For the html_filter_select parameter in "filter_prefs.php", validate user input to prevent malicious code injection. For the html_no_mail parameter in "no_mail.php", implement robust input validation to prevent XSS attacks. For the page_line, prev, and next parameters in "html_bottom_table.php", restrict input to expected formats and encode user-input data. For the _SESSION['nocc_theme'] parameter in "footer.php", ensure that user-input data is properly sanitized and validated.
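
The three controls named in the recommendations (output encoding, format restriction, and validation against known values) are sketched below as an added example; it is not NOCC code or the project's fix. The helper names, the theme list, the markup, and the assumption that the pagination values are page numbers are all hypothetical, and the input is constructed.

```php
<?php
// Added illustration, not NOCC source. All helper names are hypothetical.

// Encode a value for HTML element content or a quoted attribute value.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Restrict a pagination value to a bounded positive integer (assumed format).
function page_number($raw, int $default = 1, int $max = 100000): int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return $default;              // rejects markup, signs, arrays, empty input
    }
    $n = (int) $raw;                  // oversized digit strings saturate and fail the bound
    return ($n >= 1 && $n <= $max) ? $n : $default;
}

// Accept a theme name only if it is on a fixed allowlist.
function theme_name($raw, array $allowed, string $default): string
{
    return (is_string($raw) && in_array($raw, $allowed, true)) ? $raw : $default;
}

// Constructed sample input standing in for request and session data.
$request = [
    'html_error_occurred' => '<script>alert(1)</script>',
    'prev'                => '2"><img src=x>',
    'next'                => '4',
];
$session = ['nocc_theme' => '"><script>x</script>'];
$themes  = ['standard', 'blue'];      // assumed list of installed themes

// Message text: encoded at the point of output, so markup renders as text.
echo '<p class="error">' . h($request['html_error_occurred']) . "</p>\n";

// Pagination: malformed values fall back to the default instead of being echoed.
echo '<a href="?page=' . page_number($request['prev']) . '">prev</a> ';
echo '<a href="?page=' . page_number($request['next']) . "\">next</a>\n";

// Theme: allowlisted first, then still encoded for the attribute context.
$theme = theme_name($session['nocc_theme'], $themes, 'standard');
echo '<link rel="stylesheet" href="themes/' . h($theme) . "/style.css\">\n";
```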


Related Identifiers

CVE-2006-0894

Affected Products

Nocc Webmail