CVE-2006-5127 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php (2) the msg parameter in db_mysql.inc.php and (3) the pos parameter in index.php.

Reference

http://download.compresso.de/compresso-4.0.5a.zip http://secunia.com/advisories/22145 http://securityreason.com/securityalert/1671 http://www.majorsecurity.de/index_2.php?major_rls=major_rls28 http://www.securityfocus.com/archive/1/447358/100/0/threaded http://www.securityfocus.com/bid/20273 http://www.vupen.com/english/advisories/2006/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/29272