CVE-2010-2316 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search (2) sbr (3) p and (4) sbl parameters different vectors than CVE-2007-3137.

Reference

http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html http://www.exploit-db.com/exploits/13739 http://www.securityfocus.com/bid/40593 http://www.vupen.com/english/advisories/2010/1361