CVE-2006-5770 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks (2) Newnews (3) lBlok and (4) foooot parameter in (a) index.php; Newnews (5) newmsgs and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.

Reference

http://www.osvdb.org/32046 http://www.osvdb.org/32047 http://www.osvdb.org/32048 http://www.osvdb.org/32049 http://www.osvdb.org/32050 http://www.osvdb.org/32051 http://www.securityfocus.com/archive/1/450496/100/0/threaded http://www.securityfocus.com/bid/20895 https://exchange.xforce.ibmcloud.com/vulnerabilities/30007