CVE-2008-3758 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.

Reference

http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/
http://lussumo.com/docs/doku.php?id=vanilla:releasenotes
http://secunia.com/advisories/31527
http://securityreason.com/securityalert/4176
http://www.gulftech.org/?node=research&article_id=00126-08192008
http://www.securityfocus.com/archive/1/495577/100/0/threaded
http://www.securityfocus.com/bid/30748
https://exchange.xforce.ibmcloud.com/vulnerabilities/44554
https://exchange.xforce.ibmcloud.com/vulnerabilities/44556
