CVE-2006-3769 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.

Reference

http://secunia.com/advisories/21145 http://securityreason.com/securityalert/1267 http://securitytracker.com/id?1016548 http://www.majorsecurity.de/advisory/major_rls22.txt http://www.osvdb.org/27413 http://www.osvdb.org/27414 http://www.securityfocus.com/archive/1/440652/100/0/threaded http://www.securityfocus.com/archive/1/440889/100/100/threaded http://www.securityfocus.com/bid/19098 http://www.vupen.com/english/advisories/2006/2914 https://exchange.xforce.ibmcloud.com/vulnerabilities/27880