PT-2006-4078 · Mobescripts · Mobescripts Mobile Space Community
Luny · Published 2006-06-23 · Updated 2017-07-20 · CVE-2006-3183
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
MobeScripts Mobile Space Community versions 2.0 and earlier
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the browse parameter, which is not filtered in the resulting error message, and via multiple unspecified input fields, including those involved when updating a profile, posting comments or entries in a blog, uploading files, picture captions, and sending a private message (PM).
Recommendations
For MobeScripts Mobile Space Community versions 2.0 and earlier, as a temporary workaround, consider filtering the browse parameter and restricting input in fields related to profile updates, blog comments, file uploads, picture captions, and private messages until a patch is available.
Fix
Related Identifiers
Affected Products
Mobescripts Mobile Space Community