CVE-2005-4307 Information

Description

Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi or (3) the user parameter to profile.cgi.

Reference

http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html http://secunia.com/advisories/18084 http://www.osvdb.org/21777 http://www.osvdb.org/21778 http://www.osvdb.org/21779 http://www.securityfocus.com/bid/15915 http://www.vupen.com/english/advisories/2005/2937