CVE-2006-4577 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email (2) websites and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.

Reference

http://osvdb.org/32564 http://osvdb.org/32565 http://osvdb.org/32566 http://secunia.com/advisories/21694 http://secunia.com/secunia_research/2006-76/advisory/ http://www.securityfocus.com/bid/21870 https://exchange.xforce.ibmcloud.com/vulnerabilities/31240 https://exchange.xforce.ibmcloud.com/vulnerabilities/31247