CVE-2005-2467 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php (2) release parameter to list.php or (3) F parameter to get_jsrs_data.php.

Reference

http://lists.mysql.com/eventum-users/2072 http://marc.info/?l=bugtraq&m=112292193807958&w=2 http://secunia.com/advisories/16304 http://securitytracker.com/id?1014603 http://www.gulftech.org/?node=research&article_id=00093-07312005 http://www.osvdb.org/18400 http://www.osvdb.org/18401 http://www.osvdb.org/18402 http://www.securityfocus.com/bid/14436 http://www.vupen.com/english/advisories/2005/1287