CVE-2006-1157 Information

Description

Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.

Reference

http://biyosecurity.be/bugs/adpforum2.txt http://www.osvdb.org/23961 http://www.securityfocus.com/archive/1/427171/100/0/threaded http://www.securityfocus.com/bid/17047 http://www.vupen.com/english/advisories/2006/0901 https://exchange.xforce.ibmcloud.com/vulnerabilities/25189