CVE-2010-3427 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc (2) price (3) title and (4) place parameters to index.php and the (5) subject parameter to contact.htm related to content/contact.php.

Reference

http://osvdb.org/67971 http://osvdb.org/67972 http://pridels-team.blogspot.com/2010/09/open-classifieds-version-1702-xss-vuln.html http://secunia.com/advisories/41386 http://www.securityfocus.com/bid/43176