CVE-2006-2678 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php and the (2) nid parameter to (b) news_detail.php (c) email_story.php (d) thankyou.php (e) printable_view.php (f) tella_friend.php and (g) send_comments.php.
Reference
http://secunia.com/advisories/20284 http://securityreason.com/securityalert/996 http://www.osvdb.org/26066 http://www.osvdb.org/26067 http://www.osvdb.org/26068 http://www.osvdb.org/26069 http://www.osvdb.org/26070 http://www.osvdb.org/26071 http://www.osvdb.org/26072 http://www.securityfocus.com/archive/1/435020/100/0/threaded http://www.securityfocus.com/bid/18333 http://www.vupen.com/english/advisories/2006/1990 https://exchange.xforce.ibmcloud.com/vulnerabilities/26692
Share on: