CVE-2012-5866

Name of the Vulnerable Software and Affected Versions Achievo version 1.4.5

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the field parameter in the include.php file.

Recommendations For Achievo version 1.4.5, update to a version that fixes this issue, as using the field parameter in the include.php file can lead to arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the include.php file to minimize the risk of exploitation.