CVE-2006-1642 Information

Description

Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php and (2) the first_name (3) last_name (4) email (5) password and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct.

Reference

http://secunia.com/advisories/19488 http://www.osvdb.org/24389 http://www.osvdb.org/24461 http://www.vupen.com/english/advisories/2006/1244 https://exchange.xforce.ibmcloud.com/vulnerabilities/25652