CVE-2006-3186

Name of the Vulnerable Software and Affected Versions CMS Faethon version 1.3.2

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input via the mainpath parameter to specific API endpoints, such as "data/footer.php" and "admin/header.php".

Recommendations For CMS Faethon version 1.3.2, consider restricting access to the mainpath parameter in the affected API endpoints "data/footer.php" and "admin/header.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.