PT-2006-2553 · Vsns · Vsns Lemon

Published

2006-03-31

Updated

2018-10-18

CVE-2006-1554

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: VSNS Lemon version 3.2.0

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.

Recommendations: For VSNS Lemon version 3.2.0, avoid using the name parameter in the comment addition functionality until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the name parameter to prevent malicious script injection.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1554

Affected Products

Vsns Lemon

PT-2006-2553 · Vsns · Vsns Lemon

CVE-2006-1554

Related Identifiers

Affected Products

References · 9