CVE-2009-4690 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.

Reference

http://osvdb.org/56076 http://osvdb.org/56077 http://packetstormsecurity.org/0907-exploits/programsrating-xss.txt http://secunia.com/advisories/35918 http://www.securityfocus.com/bid/35746 http://www.vupen.com/english/advisories/2009/1967 https://exchange.xforce.ibmcloud.com/vulnerabilities/51880