CVE-2006-2812

Name of the Vulnerable Software and Affected Versions Dominios Europa PICRATE (aka TAL RateMyPic) version 1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the name (aka nick), email, and comment boxes; and via the id parameter. This can be exploited through specific API endpoints, although the exact endpoints are not specified.

Recommendations For Dominios Europa PICRATE (aka TAL RateMyPic) version 1.0, consider disabling the comment and user input features until a patch is available to prevent exploitation through the name, email, and comment boxes, as well as the id parameter. Restrict access to user-provided input to minimize the risk of arbitrary web script or HTML injection.