CVE-2006-3607

Name of the Vulnerable Software and Affected Versions Softbiz Banner Exchange Script versions 1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the city parameter in insertmember.php and a PHPSESSID cookie in several files, including lostpassword.php, gen confirm mem.php, and index.php, are vulnerable.

Recommendations For Softbiz Banner Exchange Script version 1.0, consider validating and sanitizing user input for the city parameter in insertmember.php and restricting access to the PHPSESSID cookie in lostpassword.php, gen confirm mem.php, and index.php to minimize the risk of exploitation. As a temporary workaround, restrict the use of these parameters and cookies until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.