PT-2006-5364 · Unknown · The Address Book

Published: 2006-12-31 · Updated: 2017-07-20 · CVE-2006-4577

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: The Address Book version 1.04e

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via JavaScript events in several parameters across different PHP files. The affected parameters include email, websites, and groupAddName in "save.php", errorMsg in "index.php", and goTo and search in "search.php".

Recommendations: For version 1.04e, update to a version that addresses these XSS vulnerabilities to prevent remote attackers from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting user input for the email, websites, groupAddName, errorMsg, goTo, and search parameters in the respective PHP files until a patch is available.
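
The temporary workaround described above, as an added PHP example (not The Address Book's own code and not a vendor patch): a filter, included at the top of each affected file, that validates and HTML-encodes the parameters the advisory names. The function names, the shape checks for `email` and `websites`, and PHP 7.1+ are assumptions.

```php
<?php
// Added example, not The Address Book's code. Assumes PHP 7.1+.
// Parameter-to-file map taken from the advisory text.
const GUARDED = [
    'save.php'   => ['email', 'websites', 'groupAddName'],
    'index.php'  => ['errorMsg'],
    'search.php' => ['goTo', 'search'],
];

// Returns the value made inert for HTML body and quoted-attribute contexts,
// or null when it fails its shape check (the shape checks are assumptions).
function guard_value(string $name, $value): ?string
{
    if (!is_string($value)) {
        return null; // arrays and other non-string input are rejected outright
    }
    $value = trim($value);
    $bad = ($name === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false)
        || ($name === 'websites' && (filter_var($value, FILTER_VALIDATE_URL) === false
            || !preg_match('#^https?://#i', $value)));
    if ($value !== '' && $bad) {
        return null;
    }
    // Validation alone is not enough: quotes can survive it, and an injected
    // event-handler attribute needs only a quote, not a <script> tag.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rewrites the guarded parameters in place; returns the names it blanked.
function guard_request(string $script, array &$params): array
{
    $rejected = [];
    foreach (GUARDED[$script] ?? [] as $name) {
        if (!array_key_exists($name, $params)) {
            continue;
        }
        $clean = guard_value($name, $params[$name]);
        if ($clean === null) {
            $rejected[] = $name;
        }
        $params[$name] = $clean ?? '';
    }
    return $rejected;
}

if (PHP_SAPI === 'cli') { // constructed sample request for search.php
    $sample = ['search' => 'x" onmouseover="alert(1)', 'goTo' => 'B'];
    guard_request('search.php', $sample);
    var_dump($sample);
}
```

In each affected file the call would be `guard_request(basename($_SERVER['SCRIPT_NAME']), $_GET)` and the same for `$_POST`, before the application reads them. If the application already encodes a value on output, that value will display double-encoded until the filter is removed.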


Related Identifiers

CVE-2006-4577

Affected Products

The Address Book