CVE-2007-2600 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.

Reference

http://osvdb.org/35892
http://osvdb.org/35893
http://osvdb.org/35894
http://osvdb.org/35895
http://osvdb.org/35896
http://osvdb.org/35897
http://www.securityfocus.com/bid/23905
http://www.vupen.com/english/advisories/2007/1742
https://exchange.xforce.ibmcloud.com/vulnerabilities/34215
https://www.exploit-db.com/exploits/3887
