CVE-2005-3511 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module including the (1) curr parameter in index.php (2) inspire (3) system or (4) title parameter in blog_newentry.php (5) entry parameter in blog_newentry_comment.php (6) entry parameter in blog_edit_entry.php or (7) caldate parameter in blog.php; and (b) the notes module including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread (4) dateorder (5) subjectorder (6) curr (7) fromorder or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action.

Reference

http://lostmon.blogspot.com/2005/11/spymac-web-os-v4-blogs-and-notes.html http://www.vupen.com/english/advisories/2005/2312