CVE-2009-2780 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php view parameter to (2) login.php and (3) viewlisting.php page parameter to (4) searchresults.php and (5) toplistings.php and (6) member parameter to viewmember.php.

Reference

http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt http://secunia.com/advisories/36034 http://www.osvdb.org/56564 http://www.osvdb.org/56565 http://www.osvdb.org/56566 http://www.osvdb.org/56567 http://www.osvdb.org/56568 http://www.osvdb.org/56569 https://exchange.xforce.ibmcloud.com/vulnerabilities/52071