CVE-2006-2746 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files, including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
Reference
http://secunia.com/advisories/20358
http://securityreason.com/securityalert/1010
http://www.nukedx.com/?getxpl=35
http://www.nukedx.com/?viewdoc=35
http://www.osvdb.org/26104
http://www.osvdb.org/26105
http://www.securityfocus.com/archive/1/435283/100/0/threaded
http://www.securityfocus.com/bid/18151
http://www.vupen.com/english/advisories/2006/2036