CVE-2006-2545 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php probably the searchthis parameter. NOTE: one or more of these vectors might be resultant from SQL injection.

Reference

http://secunia.com/advisories/20192 http://securityreason.com/securityalert/945 http://www.osvdb.org/25702 http://www.securityfocus.com/archive/1/434568/100/0/threaded http://www.securityfocus.com/bid/18055 http://www.vupen.com/english/advisories/2006/1899 https://exchange.xforce.ibmcloud.com/vulnerabilities/26614