CVE-2004-2085 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.

Reference

http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/browse.php?r1=1.5&r2=1.6
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/category.php?r1=1.4&r2=1.5
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/comments.php?r1=1.1&r2=1.2
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/input.php?r1=1.7&r2=1.8
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/facade/header.php?r1=1.4&r2=1.5
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/phpcc/header.php?r1=1.4&r2=1.5
http://secunia.com/advisories/10862
http://securitytracker.com/id?1009012
http://sourceforge.net/project/shownotes.php?release_id=214860
http://www.osvdb.org/16710
http://www.osvdb.org/16711
http://www.osvdb.org/3885
http://www.osvdb.org/3886
http://www.osvdb.org/3887
http://www.securityfocus.com/bid/9601
http://www.securityfocus.com/bid/9645
https://exchange.xforce.ibmcloud.com/vulnerabilities/15190
