PT-2006-6645 · Helm · Helm Web Hosting Control Panel
Published: 2006-11-20 · Updated: 2018-10-17 · CVE-2006-5984
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Helm Web Hosting Control Panel version 3.2.10
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. The affected parameters include txtCompanyName, txtEmail, txtUserAccNum, and setThemeColour. The vulnerable API endpoints are "users.asp" and "default.asp" at the Reseller, Admin, and User levels.
Recommendations
For Helm Web Hosting Control Panel version 3.2.10, consider restricting access to the txtCompanyName, txtEmail, txtUserAccNum, and setThemeColour parameters in the affected API endpoints "users.asp" and "default.asp" until a patch is available. As a temporary workaround, avoid using these parameters in the Reseller, Admin, and User levels to minimize the risk of exploitation.
Fix
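The interim restriction recommended above can be enforced in front of the application by refusing requests in which one of the four listed parameters carries markup characters. The following is an added example, not a vendor patch or code from this advisory; the function names, the blocked character set and the sample paths are assumptions.

```python
import posixpath
from urllib.parse import parse_qsl, urlsplit

# Endpoints and parameters named in the advisory (compared case-insensitively).
ENDPOINTS = {"users.asp", "default.asp"}
PARAMS = {"txtcompanyname", "txtemail", "txtuseraccnum", "setthemecolour"}

# Characters needed to leave an HTML text or attribute context.
# Assumption: legitimate values for these fields never need them, so a
# company name containing an apostrophe would also be refused.
MARKUP = set("<>\"'`")


def flagged_params(target, body=""):
    """Return the sorted names of listed parameters that carry markup.

    target: request target (path plus optional query string)
    body:   application/x-www-form-urlencoded request body, if any
    """
    parts = urlsplit(target)
    page = posixpath.basename(parts.path).lower()
    if page not in ENDPOINTS:
        return []  # other pages are outside this advisory's scope
    hits = set()
    for raw in (parts.query, body):
        # parse_qsl percent-decodes each name and value once.
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if name.lower() in PARAMS and MARKUP & set(value):
                hits.add(name)
    return sorted(hits)


def decide(target, body=""):
    """Filter decision: 'block' when any listed parameter is flagged."""
    return "block" if flagged_params(target, body) else "allow"


if __name__ == "__main__":
    # Constructed sample requests; the directory layout is an assumption.
    samples = [
        ("/Reseller/users.asp?txtCompanyName=%3Cb%3EAcme%3C%2Fb%3E", ""),
        ("/Admin/users.asp", "txtEmail=a%40example.com&txtUserAccNum=1042"),
        ("/default.asp?setThemeColour=blue", ""),
    ]
    for target, body in samples:
        print(decide(target, body), target, flagged_params(target, body))
```
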
Related Identifiers
Affected Products
Helm Web Hosting Control Panel