CVE-2008-2126 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php.

Reference

http://marc.info/?l=bugtraq&m=121019103418967&w=2 http://osvdb.org/44917 http://secunia.com/advisories/30121 http://www.securityfocus.com/bid/29090 https://exchange.xforce.ibmcloud.com/vulnerabilities/42252