CVE-2006-3385 Information

Description

Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.

Reference

http://secunia.com/advisories/20936 http://www.acid-root.new.fr/advisories/news52.txt http://www.securityfocus.com/archive/1/438859/100/0/threaded http://www.securityfocus.com/bid/18775 http://www.vupen.com/english/advisories/2006/2642 https://exchange.xforce.ibmcloud.com/vulnerabilities/27505