CVE-2006-1321

Name of the Vulnerable Software and Affected Versions webcheck versions prior to 1.9.6

Description The issue allows remote attackers to inject arbitrary web script or HTML via the url, title, or author name in a crawled page. This is due to improper sanitization in the tooltips of a report.

Recommendations For versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. As a temporary workaround, consider disabling the display of tooltips in reports until a patch is available. Restrict access to crawled pages to minimize the risk of exploitation. Avoid using the url, title, or author name fields in crawled pages until the issue is resolved.