PT-2006-4433 · Auracms · Auracms

Ifx A.K.A Inversfx · Published 2006-07-13 · Updated 2018-10-18 · CVE-2006-3558

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

auraCMS version 1.62

Description

The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the judul artikel parameter in teman.php and the title of an article sent to the admin, displayed when unauthenticated users visit index.php.

Recommendations

For auraCMS version 1.62, as a temporary workaround, consider restricting access to the teman.php page and avoiding the use of the judul artikel parameter until a patch is available. Additionally, restrict the display of article titles from the admin to authenticated users only to minimize the risk of exploitation.

Related identifiers

CVE-2006-3558

Affected products

Auracms