CVE-2006-4874

Name of the Vulnerable Software and Affected Versions Jupiter CMS (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple parameters in various PHP files, including modules/blocks.php, modules/register.php, modules/mass-email.php, and modules/search.php. The vulnerable parameters include language[Admin name], language[Admin back], language[Register title], language[Register title2], language[Mass-Email form title], language[Mass-Email form desc], language[Mass-Email form desc2], language[Mass-Email form desc3], language[Mass-Email form desc4], language[Forgotten title], language[Forgotten desc], language[Forgotten desc2], language[Forgotten desc3], language[Forgotten desc4], language[Forgotten desc5], language[Search view desc], language[Search view desc2], language[Search view desc3], language[Search view desc4], language[Search view desc5], language[Search view desc6], language[Search view desc7], and language[Search view desc8].

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.