CVE-2005-4642 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php (2) members.php (3) stats.php (4) viewforum.php (5) register.php (6) usercp.php (7) groups.php (8) pms.php and (9) calendar.php.

Reference

http://pridels0.blogspot.com/2005/11/xss-in-hydrobb.html http://www.osvdb.org/21293 http://www.osvdb.org/21294 http://www.osvdb.org/21295 http://www.osvdb.org/21296 http://www.osvdb.org/21297 http://www.osvdb.org/21298 http://www.osvdb.org/21299 http://www.osvdb.org/21300 http://www.osvdb.org/21301 http://www.vupen.com/english/advisories/2005/2562 https://exchange.xforce.ibmcloud.com/vulnerabilities/23299