CVE-2006-6874

Name of the Vulnerable Software and Affected Versions: eNdonesia version 8.4

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Message or Your Name field in friend.php, potentially leading to cross-site scripting (XSS) attacks.

Recommendations: For eNdonesia version 8.4, consider validating and sanitizing user input in the Message and Your Name fields to prevent XSS attacks. As a temporary workaround, restrict access to the friend.php file until a proper fix is applied.