CVE-2006-6452

Name of the Vulnerable Software and Affected Versions RunCMS MyArticles module version prior to 0.6 beta 1

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to API endpoints such as "topics.php", "submit.php", and "class/calendar.class.php".

Recommendations For RunCMS MyArticles module version prior to 0.6 beta 1, update to version 0.6 beta 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints "topics.php", "submit.php", and "class/calendar.class.php" to minimize the risk of exploitation.