CVE-2006-6037

Name of the Vulnerable Software and Affected Versions Dan Jensen Travelsized CMS versions 0.4.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via vulnerable parameters. Specifically, the parameters page, page id, and language are affected. This can lead to cross-site scripting (XSS) attacks.

Recommendations For Dan Jensen Travelsized CMS versions 0.4.1 and earlier, update to a version later than 0.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or validating and sanitizing user input for the page, page id, and language parameters to prevent arbitrary script injection.