CVE-2005-4248 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields such as those in (1) communication/subscribers.tracking.add.php (2) support/tickets.add.php and (3) mycompany/categories.php.

Reference

http://pridels0.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html http://secunia.com/advisories/17981 http://www.osvdb.org/21682 http://www.osvdb.org/21683 http://www.osvdb.org/21684 http://www.securityfocus.com/bid/15863 http://www.vupen.com/english/advisories/2005/2875