CVE-2006-1202 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php possibly requiring a URL encoded value.

Reference

http://notlegal.ws/textfilebbmessanger.txt http://secunia.com/advisories/19149 http://securitytracker.com/id?1015744 http://www.securityfocus.com/archive/1/427081/100/0/threaded http://www.securityfocus.com/bid/17029 http://www.vupen.com/english/advisories/2006/0897 https://exchange.xforce.ibmcloud.com/vulnerabilities/25091