CVE-2006-1438 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Andy’s PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title (3) article (4) author and (5) keywords parameters to (b) submit_article.php; and (6) Question (7) Name and (8) Email parameters to (c) submit_question.php.

Reference

http://osvdb.org/ref/24/24310-aphpkb.txt http://secunia.com/advisories/19554 http://www.osvdb.org/24310 http://www.osvdb.org/24311 http://www.osvdb.org/24312 http://www.securityfocus.com/bid/17377 https://exchange.xforce.ibmcloud.com/vulnerabilities/25666