CVE-2006-0933

Name of the Vulnerable Software and Affected Versions PHPX version 3.5.9

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message.

Recommendations For PHPX version 3.5.9, consider disabling the ability to post messages with javascript URIs in XCode tags until a fix is available. Restrict access to posted messages to minimize the risk of exploitation.