CVE-2008-2644 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php the (2) keyword parameter to search.php the (3) page parameter to bb.php and the (4) new_s parameter to order.php.

Reference

http://secunia.com/advisories/30477 http://www.securityfocus.com/archive/1/493130/100/0/threaded http://www.securityfocus.com/bid/29496 https://exchange.xforce.ibmcloud.com/vulnerabilities/42813 https://www.exploit-db.com/exploits/5725