CVE-2006-1233 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php (2) ctrrowcol parameter to footer.php or (3) ArtID parameter to wmcomments.php.

Reference

http://biyosecurity.be/bugs/wmnews.txt http://secunia.com/advisories/19204 http://www.osvdb.org/23840 http://www.osvdb.org/23841 http://www.osvdb.org/23842 http://www.securityfocus.com/archive/1/427479/100/0/threaded http://www.securityfocus.com/bid/17076 http://www.vupen.com/english/advisories/2006/0939 https://exchange.xforce.ibmcloud.com/vulnerabilities/25210