CVE-2006-3327

Name of the Vulnerable Software and Affected Versions Custom dating biz dating script version 1.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via specific parameters. The vulnerable parameters include the sn20 special cases parameter in the "Special Cases" field of profile/mini.php, the tyxx01 album name parameter in the "Album Name" field of profile/photo create.php, and the u parameter in admin/user view.php.

Recommendations For Custom dating biz dating script version 1.0, avoid using the sn20 special cases, tyxx01 album name, and u parameters in their respective API endpoints until a fix is available. As a temporary workaround, consider restricting access to the profile/mini.php, profile/photo create.php, and admin/user view.php pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.