CVE-2010-2917 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid (2) fname (3) lname (4) company (5) address1 (6) address2 (7) city (8) state (9) zipcode (10) phone and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information.

Reference

http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt http://secunia.com/advisories/40560 http://www.exploit-db.com/exploits/14354 http://www.osvdb.org/66279 http://www.securityfocus.com/bid/41576 https://exchange.xforce.ibmcloud.com/vulnerabilities/60357