CVE-2007-5059 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors as demonstrated by the (1) uname and (2) pass parameters in a login form and (3) an unspecified \url value\ leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel.
Reference
http://www.greensql.net/security
http://www.osvdb.org/38165
http://www.osvdb.org/38166
http://www.securityfocus.com/archive/1/480278/100/0/threaded
http://www.securityfocus.com/bid/25767
https://exchange.xforce.ibmcloud.com/vulnerabilities/36749
Multiple
cross-site
scripting
(XSS)
vulnerabilities
in
GreenSQL
allow
remote
attackers
to
inject
arbitrary
web
script
or
HTML
via
several
vectors
as
demonstrated
by
the
(1)
uname
and
(2)
pass
parameters
in
a
login
form
and
(3)
an
unspecified
\url
value
leading
to
storage
of
XSS
sequences
in
the
database
and
display
of
these
sequences
in
the
alert
section
of
the
admin
panel.