CVE-2006-2969

Name of the Vulnerable Software and Affected Versions L0j1k tinyMuw version 0.1.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php. This could potentially lead to other manipulations.

Recommendations For version 0.1.0, as a temporary workaround, consider restricting the use of the input box in quickchat.php to minimize the risk of exploitation. Avoid using the SRC attribute of an IMG element with javascript URIs in the input box until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.