CVE-2006-3607 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php and (2) a PHPSESSID cookie in (b) lostpassword.php (c) gen_confirm_mem.php and (d) index.php.

Reference

http://ellsec.org/print.php?type=N&item_id=141 http://www.securityfocus.com/archive/1/438705/100/200/threaded http://www.securityfocus.com/bid/18735 https://exchange.xforce.ibmcloud.com/vulnerabilities/27460 https://exchange.xforce.ibmcloud.com/vulnerabilities/27461