PT-2006-5707 · Maxdev · Maxdev Md-Pro

Published: 2006-09-23 · Updated: 2024-02-14 · CVE-2006-4964

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MAXdev MDPro versions prior to 1.0.76 (updated before 20060918)

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved through vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function and unspecified vectors related to the AntiCracker.

Recommendations

For MAXdev MDPro versions prior to 1.0.76, update to a version released after 20060918 to resolve the issue. As a temporary workaround, consider restricting input to prevent bypassing the XSS protection mechanisms until a patch is available.

Fix

Related Identifiers

CVE-2006-4964

Affected Products

Maxdev Md-Pro