CVE-2006-1889 Information

Description

Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the \Search for\ item (keyword parameter).

Reference

http://secunia.com/advisories/19654 http://securityreason.com/securityalert/718 http://securityreason.com/securityalert/766 http://securitytracker.com/id?1015948 http://www.securityfocus.com/archive/1/431072/100/0/threaded http://www.securityfocus.com/bid/17549 http://www.vupen.com/english/advisories/2006/1413 https://exchange.xforce.ibmcloud.com/vulnerabilities/25805