CVE-2006-1097 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0033.html http://www.nukedx.com/?viewdoc=17 http://www.osvdb.org/23809 http://www.osvdb.org/23811 http://www.securityfocus.com/archive/1/426583 https://exchange.xforce.ibmcloud.com/vulnerabilities/25004