CVE-2006-6925 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php (2) the message title field when submitting a blog post to blogs/post.php or (3) the message description field when editing in the Sandbox in wiki/edit.php.

Reference

http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html http://secunia.com/advisories/22793 http://securityreason.com/securityalert/2144 http://www.securityfocus.com/bid/20988 http://www.securityfocus.com/bid/20996 http://www.vupen.com/english/advisories/2006/4485 https://exchange.xforce.ibmcloud.com/vulnerabilities/30167