CVE-2007-1248 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid (2) uid and (3) nid parameters to (a) news.php and the nid parameter to (b) rating.php.

Reference

http://secunia.com/advisories/24334 http://securityreason.com/securityalert/2343 http://www.securityfocus.com/archive/1/461672/100/0/threaded http://www.securityfocus.com/bid/22783 http://www.vupen.com/english/advisories/2007/0818 https://exchange.xforce.ibmcloud.com/vulnerabilities/32772