CVE-2006-0894 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php (2) html_filter_select parameter in filter_prefs.php (3) html_no_mail parameter in no_mail.php the (4) page_line (5) prev and (6) next parameters in html_bottom_table.php and the (7) _SESSION[’nocc_theme’] parameter in footer.php.

Reference

http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html http://retrogod.altervista.org/noccw_10_incl_xpl.html http://secunia.com/advisories/16921 http://securitytracker.com/id?1015671 http://www.osvdb.org/23423 http://www.osvdb.org/23424 http://www.osvdb.org/23425 http://www.osvdb.org/23426 http://www.osvdb.org/23427 http://www.securityfocus.com/bid/16793