CVE-2006-2885 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php.

Reference

http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html http://secunia.com/advisories/20455 http://www.osvdb.org/26179 http://www.osvdb.org/26180 http://www.securityfocus.com/bid/18324 http://www.vupen.com/english/advisories/2006/2157 https://exchange.xforce.ibmcloud.com/vulnerabilities/26940