CVE-2006-1769

Name of the Vulnerable Software and Affected Versions UserLand Manila versions 9.5 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the mode parameter in msgReader$1 or at the end of the URI in viewDepartment$.

Recommendations For versions 9.5 and earlier, consider disabling the msgReader$1 and viewDepartment$ functions until a patch is available. Restrict access to these functions to minimize the risk of exploitation. Avoid using the mode parameter in the affected API endpoint until the issue is resolved.