PT-2006-2638 · Interact · Interact

Published

2006-04-06

Updated

2017-07-20

CVE-2006-1642

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Interact version 2.1.1

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the search terms parameter to the "search.php" endpoint, and the first name, last name, email, password, and confirm password parameters to the "userinput.php" endpoint.

Recommendations: For Interact version 2.1.1, consider restricting access to the "search.php" and "userinput.php" endpoints until a fix is available. As a temporary workaround, avoid using the search terms, first name, last name, email, password, and confirm password parameters in the affected endpoints.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1642

Affected Products

Interact

PT-2006-2638 · Interact · Interact

CVE-2006-1642

Related Identifiers

Affected Products

References · 6