CVE-2006-3613 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka \Who is this item for?) and (2) special (aka \Special Instructions) parameters to item.php which is accessed from showorder.php or (3) unspecified parameters to the login form at login.php.

Reference

http://www.securityfocus.com/archive/1/438792/100/0/threaded http://www.securityfocus.com/bid/18746 https://exchange.xforce.ibmcloud.com/vulnerabilities/27587