CVE-2006-1400

Name of the Vulnerable Software and Affected Versions Metisware Instructor versions 1.3 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the Task parameter in the MyTasks/PersonalTaskEdit.asp file.

Recommendations For Metisware Instructor versions 1.3 and earlier, update to a version later than 1.3 to resolve the issue. As a temporary workaround, consider restricting access to the MyTasks/PersonalTaskEdit.asp file to minimize the risk of exploitation. Avoid using the Task parameter in the affected file until the issue is resolved.