CVE-2006-2966 Information

Description

Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains /* */ comment sequences, which bypasses the XSS protection scheme.

Reference

http://securityreason.com/securityalert/1070
http://www.securityfocus.com/archive/1/436121/100/0/threaded
http://www.vupen.com/english/advisories/2006/2170
https://exchange.xforce.ibmcloud.com/vulnerabilities/26952
