CVE-2006-3377 Information

Description

Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier and AutoRank Pro 5.01 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi.

Reference

http://secunia.com/advisories/20903
http://secunia.com/advisories/20929
http://securitytracker.com/id?1016428
http://securitytracker.com/id?1016429
http://www.majorsecurity.de/advisory/major_rls19.txt
http://www.securityfocus.com/archive/1/438941/100/0/threaded
http://www.securityfocus.com/bid/18796
http://www.vupen.com/english/advisories/2006/2658
http://www.vupen.com/english/advisories/2006/2659
https://exchange.xforce.ibmcloud.com/vulnerabilities/27552
