PT-2006-6900 · Phpoll · Phpoll

The_3Dit0R · Published 2006-12-04 · Updated 2018-10-17 · CVE-2006-6271

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHPOLL version 0.96

Description

The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved by manipulating the language parameter in various PHP files, including index.php, info.php, votanti.php, risultati_config.php, modifica_band.php, band_editor.php, and config_editor.php, particularly those located in the admin directory. API endpoints such as "index.php" and "info.php" are affected.

Recommendations

For PHPOLL version 0.96, consider disabling the vulnerable parameters, such as the language parameter, in the affected PHP files until a patch is available. Restrict access to the admin directory to minimize the risk of exploitation. Avoid using the language parameter in the affected API endpoints until the issue is resolved.


Related Identifiers

CVE-2006-6271

Affected Products

Phpoll