CVE-2006-1965

Name of the Vulnerable Software and Affected Versions aasi media Net Clubs Pro versions 4.0 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in different CGI files. The affected parameters include onuser, pass, chatsys, room, username, and to in the sendim.cgi file, username in the imessage.cgi file, password in the login.cgi file, and cat id in the viewcat.cgi file.

Recommendations For aasi media Net Clubs Pro versions 4.0 and earlier, update to a version later than 4.0 to resolve the issue. As a temporary workaround, consider restricting access to the sendim.cgi, imessage.cgi, login.cgi, and viewcat.cgi files until a patch is available. Avoid using the parameters onuser, pass, chatsys, room, username, to, password, and cat id in the affected CGI files until the issue is resolved.