CVE-2006-5717

Name of the Vulnerable Software and Affected Versions: Zend Google Data Client Library (ZendGData) Preview version 0.2.0

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in files such as basedemo.php and calenderdemo.php in the samples/ directory, and other unspecified files.

Recommendations: For Zend Google Data Client Library (ZendGData) Preview version 0.2.0, consider restricting access to the affected demo files, such as basedemo.php and calenderdemo.php, until a fix is available. Avoid using unspecified parameters in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.