CVE-2006-2425 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView possibly 2003-10-23 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f (2) d and (3) ref parameters and the (4) \MAKE DIR\ and (5) \Full file name\ fields.

Reference

http://secunia.com/advisories/20141 http://securityreason.com/securityalert/902 http://soot.shabgard.org/bugs/phpremoteview.txt http://www.osvdb.org/25572 http://www.securityfocus.com/archive/1/434118/100/0/threaded http://www.securityfocus.com/bid/17994 http://www.vupen.com/english/advisories/2006/1844 https://exchange.xforce.ibmcloud.com/vulnerabilities/26473