CVE-2004-2509 Information

Description

Cross-site scripting (XSS) vulnerabilities in (1) calendar.php (2) login.php and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0239.html http://secunia.com/advisories/13452 http://securitytracker.com/id?1012503 http://www.osvdb.org/12365 http://www.osvdb.org/12366 http://www.osvdb.org/12367 http://www.securityfocus.com/bid/11900 https://exchange.xforce.ibmcloud.com/vulnerabilities/18432