CVE-2009-4649 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php which is not properly handled in forum.php.

Reference

http://groups.csail.mit.edu/pag/ardilla/ http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-lenient-T.txt http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-strict-T.txt http://www.securityfocus.com/bid/35449 https://exchange.xforce.ibmcloud.com/vulnerabilities/56278