CVE-2006-6815

Name of the Vulnerable Software and Affected Versions: DMXReady Secure Login Manager version 1.0

Description: The issue allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to certain API endpoints, including "set preferences.asp", "send password preferences.asp", and "SecureLoginManager/list.asp" in the Local-Admin Panel.

Recommendations: For DMXReady Secure Login Manager version 1.0, consider restricting access to the "set preferences.asp", "send password preferences.asp", and "SecureLoginManager/list.asp" endpoints in the Local-Admin Panel until a fix is available. Avoid using unspecified parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.