CVE-2006-1222 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title (2) user email and (3) homepage fields.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html http://secunia.com/advisories/19214 http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406 http://www.osvdb.org/23847 http://www.securityfocus.com/archive/1/427466/100/0/threaded http://www.securityfocus.com/bid/17075 http://www.vupen.com/english/advisories/2006/0944 https://exchange.xforce.ibmcloud.com/vulnerabilities/25212