PT-2006-3530 · Skybox · Skyebox
Nomenumbra
+1
·
Published
2006-05-25
·
Updated
2018-10-18
·
CVE-2006-2584
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SkyeBox version 1.2.0
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The
name and message parameters are specifically vulnerable to such injections.Recommendations
For SkyeBox version 1.2.0, avoid using the
name and message parameters in the post.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for these parameters to prevent malicious script injections.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Skyebox