CVE-2006-3585

Name of the Vulnerable Software and Affected Versions Jetbox CMS version 2.1 SR1

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. This can be achieved through various means, including the login parameter in admin/cms/index.php, unspecified parameters in the "Supply news" page in formmail.php, the URL in the "Site statistics" page, and the query string parameter when performing a search.

Recommendations For Jetbox CMS version 2.1 SR1, consider disabling the vulnerable parameters, such as the login parameter in admin/cms/index.php and the query string parameter in search functionality, until a patch is available. Restrict access to the "Supply news" page in formmail.php and the "Site statistics" page to minimize the risk of exploitation. Avoid using the query string parameter in the affected API endpoint until the issue is resolved.