CVE-2006-2951 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php (3) nuke_url parameter to (b) meta/meta.php (4) forum parameter to (c) viewforum.php (5) post_id (6) forum (7) topic or (8) arbre parameter to (d) editpost.php or (9) uname or (10) email parameter to (e) user.php.
Reference
http://secunia.com/advisories/20523 http://securityreason.com/securityalert/1076 http://www.acid-root.new.fr/advisories/npds510.txt http://www.osvdb.org/26292 http://www.osvdb.org/26293 http://www.osvdb.org/26294 http://www.osvdb.org/26295 http://www.osvdb.org/26296 http://www.securityfocus.com/archive/1/436442/100/0/threaded http://www.securityfocus.com/bid/18383 http://www.vupen.com/english/advisories/2006/2233 https://exchange.xforce.ibmcloud.com/vulnerabilities/27123 Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php (3) nuke_url parameter to (b) meta/meta.php (4) forum parameter to (c) viewforum.php (5) post_id (6) forum (7) topic or (8) arbre parameter to (d) editpost.php or (9) uname or (10) email parameter to (e) user.php.
Share on: