CVE-2005-3260 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php.

Reference

http://marc.info/?l=bugtraq&m=112907535528616&w=2 http://rgod.altervista.org/versatile100RC2.html http://secunia.com/advisories/17174/ http://www.osvdb.org/19969 http://www.osvdb.org/19970 http://www.osvdb.org/19971 http://www.securityfocus.com/bid/15073 Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php.