CVE-2006-5036

Name of the Vulnerable Software and Affected Versions MySource Matrix versions 3.8 and earlier MySource versions 2.x

Description The issue allows remote attackers to use the application as an HTTP proxy server via the sq remote page url parameter, enabling access to arbitrary sites with the server's IP address and potentially conducting cross-site scripting (XSS) attacks.

Recommendations For MySource Matrix versions 3.8 and earlier, consider restricting access to the sq remote page url parameter to minimize the risk of exploitation. For MySource versions 2.x, avoid using the sq remote page url parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.