CVE-2006-1965 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser (2) pass (3) chatsys (4) room (5) username and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.
Reference
http://pridels0.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html http://secunia.com/advisories/19651 http://www.osvdb.org/24754 http://www.osvdb.org/24755 http://www.osvdb.org/24756 http://www.osvdb.org/24757 http://www.securityfocus.com/bid/17622 http://www.vupen.com/english/advisories/2006/1436 https://exchange.xforce.ibmcloud.com/vulnerabilities/25957
Share on: