CVE-2006-3061 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php (2) item_id parameter in report.php (3) search_term parameter (aka the \search box) in search_reviews.php (4) the profile field in usercp/profile_edit1.php and the (5) review field in review_form.php.
Reference
http://secunia.com/advisories/20613 http://securityreason.com/securityalert/1107 http://www.osvdb.org/26496 http://www.osvdb.org/26497 http://www.osvdb.org/26498 http://www.osvdb.org/26499 http://www.securityfocus.com/archive/1/436771/100/0/threaded http://www.securityfocus.com/bid/18390 http://www.vupen.com/english/advisories/2006/2346 https://exchange.xforce.ibmcloud.com/vulnerabilities/27188 https://exchange.xforce.ibmcloud.com/vulnerabilities/27189 https://exchange.xforce.ibmcloud.com/vulnerabilities/27190 https://exchange.xforce.ibmcloud.com/vulnerabilities/27192
Share on: