CVE-2006-2689

Name of the Vulnerable Software and Affected Versions EVA-Web versions 2.1.2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several parameters, including the debut image parameter in the "article-album.php3" script, the date parameter in the "rubrique.php3" script, and the perso and aide parameters in an unknown script, likely "index.php".

Recommendations For EVA-Web versions 2.1.2 and earlier, consider disabling the debut image, date, perso, and aide parameters in the respective scripts until a patch is available. Restrict access to the "article-album.php3", "rubrique.php3", and the unknown script, likely "index.php", to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.