CVE-2006-0923 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.

Reference

http://secunia.com/advisories/19052 http://securityreason.com/securityalert/491 http://www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0 http://www.nukedx.com/?viewdoc=12 http://www.securityfocus.com/archive/1/425983/100/0/threaded http://www.securityfocus.com/bid/16815 http://www.vupen.com/english/advisories/2006/0750 https://exchange.xforce.ibmcloud.com/vulnerabilities/24887