CVE-2008-3344 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml (2) dir (3) SenderName (4) RecipientName (5) SenderMail and (6) RecipientMail parameters.

Reference

http://marc.info/?l=bugtraq&m=121665294304071&w=2 http://secunia.com/advisories/31192 http://securityreason.com/securityalert/4049 http://www.securityfocus.com/bid/30328 https://exchange.xforce.ibmcloud.com/vulnerabilities/43923