CVE-2006-4543 Information

Description

Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode the (2) weapon parameter in weaponinfo mode the (3) st parameter in search mode the (4) action parameter in actioninfo mode and the (5) map parameter in mapinfo mode.

Reference

http://secunia.com/advisories/21635 http://securityreason.com/securityalert/1490 http://www.securityfocus.com/archive/1/444716/100/0/threaded http://www.securityfocus.com/bid/19771