CVE-2009-2785 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.

Reference

http://osvdb.org/56657 http://osvdb.org/56658 http://osvdb.org/56659 http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt http://secunia.com/advisories/35929 https://exchange.xforce.ibmcloud.com/vulnerabilities/52123