CVE-2006-4838

Name of the Vulnerable Software and Affected Versions DCP-Portal SE version 6.0

Description The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the root url and dcp version parameters in the admin/inc/footer.inc.php file, and the root url, page top name, page name, and page options parameters in the admin/inc/header.inc.php file.

Recommendations For DCP-Portal SE version 6.0, consider restricting access to the admin/inc/footer.inc.php and admin/inc/header.inc.php files to minimize the risk of exploitation. Avoid using the root url, dcp version, page top name, page name, and page options parameters in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.