CVE-2006-4985 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/footer.php, and the band parameter in (4) adminpanel/includes/helpfiles/help_news.php, (5) adminpanel/includes/helpfiles/help_merch.php, (6) adminpanel/includes/header.php, and (7) adminpanel/login_header.php; and includes/content/ files including (8) bio_content.php, (9) gbook_content.php, (10) interview_content.php, (11) links_content.php, (12) lyrics_content.php, (13) member_content.php, (14) merch_content.php, (15) mp3_content.php, (16) news_content.php, (17) pastshows_content.php, (18) photo_content.php, (19) releases_content.php, (20) reviews_content.php, (21) shows_content.php, and (22) signgbook_content.php.

Reference

http://secunia.com/advisories/21992
http://securityreason.com/securityalert/1634
http://www.securityfocus.com/archive/1/446576/100/0/threaded
http://www.securityfocus.com/bid/20137
