CVE-2005-2539 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor (2) backimage (3) theme or (4) logo parameter to structure.php (5) admin (6) admin_mail or (7) back parameter to footer.php or (8) the message body in a news post.

Reference

http://marc.info/?l=bugtraq&m=112327238030127&w=2 http://secunia.com/advisories/16330 http://www.osvdb.org/18551 http://www.osvdb.org/18552 http://www.osvdb.org/18553 http://www.rgod.altervista.org/flatnuke.html http://www.securityfocus.com/bid/14483 https://exchange.xforce.ibmcloud.com/vulnerabilities/21707 https://exchange.xforce.ibmcloud.com/vulnerabilities/21708