CVE-2005-3552 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php (2) login/userinfo.php (3) admin/admin.php (4) imcenter.php and the (5) referer statistics the (6) HTML title element and (7) logo alt attributes in forum postings and the (8) Homepage field in the Guestbook.

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html http://secunia.com/advisories/17479 http://securitytracker.com/id?1015167 http://www.hardened-php.net/advisory_212005.80.html http://www.osvdb.org/20553 http://www.osvdb.org/20554 http://www.osvdb.org/20555 http://www.osvdb.org/20556 http://www.osvdb.org/20557 http://www.osvdb.org/20558 http://www.osvdb.org/20559 http://www.securityfocus.com/bid/15354 http://www.vupen.com/english/advisories/2005/2344 https://exchange.xforce.ibmcloud.com/vulnerabilities/23003 https://exchange.xforce.ibmcloud.com/vulnerabilities/23004 https://exchange.xforce.ibmcloud.com/vulnerabilities/23006 https://exchange.xforce.ibmcloud.com/vulnerabilities/23007 https://exchange.xforce.ibmcloud.com/vulnerabilities/23008 https://exchange.xforce.ibmcloud.com/vulnerabilities/23009