CVE-2006-2564 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog (2) posting a listing (3) posting an event (4) adding comments or (5) sending a message.

Reference

http://secunia.com/advisories/20229 http://securityreason.com/securityalert/954 http://www.securityfocus.com/archive/1/434846/100/0/threaded http://www.securityfocus.com/bid/18079 http://www.vupen.com/english/advisories/2006/1944 https://exchange.xforce.ibmcloud.com/vulnerabilities/26650