CVE-2008-4120 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php or the (3) name parameter to contact.php.

Reference

http://securityreason.com/securityalert/4324 http://sourceforge.net/project/shownotes.php?group_id=157089&release_id=628765_id=628765 http://www.datensalat.eu/~fabian/cve/CVE-2008-4120-flatpress.html http://www.flatpress.org/home/comments.php?entry=entry080925-180744 http://www.securityfocus.com/archive/1/496740/100/0/threaded http://www.securityfocus.com/bid/31407