CVE-2009-4782 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS possibly 0.01 allow remote attackers to inject arbitrary web script or HTML via the (1) start (2) forum and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters to community/forum.php; and (6) start parameter to blog/index.php.

Reference

http://packetstormsecurity.org/0912-exploits/theeta-sqlxss.txt http://secunia.com/advisories/37529 http://www.securityfocus.com/archive/1/508148/100/0/threaded